/ Register

Get the most out of your Centmin Mod LEMP stack
Become a Member

SSL Guide: Renewing & Reinstalling SSL Certificate on Centminmod with GoGetSSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by deltahf, Jan 3, 2016.

Tags:
Previous Thread Next Thread
Loading...
Page 2 of 2
  1. Dec 21, 2016 #21
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    4:04 AM
    Ah, OK, Qualys report is much better. "A+" (y)

    It does still complain about the root certificate being installed in the server ("Chain issues: contains anchor"). Am I correct in assuming that this is included in the ca-bundle file? If so, how and where would I go about removing it? There are two certificate sections in the ca-bundle file... how are you supposed to know which one is which?

    According to what I have read there can be a slight performance impact in sending over the root certificate because it is redundant.
     
  2. Dec 21, 2016 #22
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    6:04 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    usually the last cert in ca-bundle would be the ca root one if similar to SSL - Compiled list of SSL certificate file name bundles | Centmin Mod Community

    yes there is hence why i always remove it :)
     
  3. Dec 21, 2016 #23
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    4:04 AM
    Thanks, yeah, that was it! Reports all clear now. Might be worth adding a note about that to the Centminmod SSL setup guide. :)

    Maybe I just overlooked it but I didn't see anything about this mentioned anywhere else.
     
  4. Dec 21, 2016 #24
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    6:04 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    yeah the guide includes the root ca ssl cert as it concats the ca-bundle right now
     
Previous Thread Next Thread
Loading...
Page 2 of 2

.