11-24-2022, 09:08 AM
Hi
Normally for Indy servers like SA, the root.pem file should contain all intermediate and root certificates to validate the certificate.
Maybe your root.pem is not containing all those certificates to get a complete chain. That would explain the B-grade message.
Not sure if the order of the certificates in root.pem is important but I use
root
intermediate 1
intermediate 2
example.domain.com
-----BEGIN CERTIFICATE-----
intermediate 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root
-----END CERTIFICATE-----
Using a SA server I also get an A-grade rating from ssllabs. I didn't change the ciphers for that. I can get A+ by disabling some old ciphers used by older OS.
Normally for Indy servers like SA, the root.pem file should contain all intermediate and root certificates to validate the certificate.
Maybe your root.pem is not containing all those certificates to get a complete chain. That would explain the B-grade message.
Not sure if the order of the certificates in root.pem is important but I use
root
intermediate 1
intermediate 2
example.domain.com
-----BEGIN CERTIFICATE-----
intermediate 2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
intermediate 1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
root
-----END CERTIFICATE-----
Using a SA server I also get an A-grade rating from ssllabs. I didn't change the ciphers for that. I can get A+ by disabling some old ciphers used by older OS.