11-23-2022, 10:20 PM
>>With your Sectigo cert, did you have to install the
>>intermediate certificate into Windows?
I got that one backwards, I use letsencrypt for IW and Sectigo for codesigning. With SA it's all Indy and getting your PEM certs and root certs in order, it doesn't look at what's installed in Windows. With http.sys it reads the certs from windows. It took me about a half day to get http.sys running the first time and is quite simple after that. I still use SA for local debugging then http.sys for production. After going to http.sys the response times for me were 5X - 10X faster than SA, I was shocked at the increase. And http.sys supports multiple domains on a single cert.
For "Certificate Chain incomplete" try this with OpenSSL:
openssl pkcs12 -in example.pfx -out example.pem -nodes
>>intermediate certificate into Windows?
I got that one backwards, I use letsencrypt for IW and Sectigo for codesigning. With SA it's all Indy and getting your PEM certs and root certs in order, it doesn't look at what's installed in Windows. With http.sys it reads the certs from windows. It took me about a half day to get http.sys running the first time and is quite simple after that. I still use SA for local debugging then http.sys for production. After going to http.sys the response times for me were 5X - 10X faster than SA, I was shocked at the increase. And http.sys supports multiple domains on a single cert.
For "Certificate Chain incomplete" try this with OpenSSL:
openssl pkcs12 -in example.pfx -out example.pem -nodes