New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How to fix "Extra download" in ssllabs report
I have been tweaking my ssl configuration for hours and i fixed almost everything.However i don't know how to fix the Extra download AddTrust External CA Root
https://www.ssllabs.com/ssltest/analyze.html?d=filterbypass.me
Here are the relevant parts of my nginx configuration
ssl_certificate /etc/ssl/filterbypass.me_bundle.crt;
ssl_trusted_certificate /etc/ssl/trustchain.crt;
filterbypass.me_bundle.crt is filterbypass_me.crt + PositiveSSLCA2.crt
trustchain.crt is PositiveSSLCA2.crt + AddTrustExternalCARoot.crt
Can someone please help me out with this
Comments
Here you go: https://community.qualys.com/thread/12662
@forthcloud
I am not having anchor issues according to the ssllabs report
You only need the Intermediate as the client will have the Root CA already.
@forthcloud
So in plain english the trustchain.crt must contain only PositiveSSLCA2 and not the Root CA
Correct me if i am wrong
anyone knows how to fix it ????
You don't need it since it's already in the trust stores, but I include it anyways.
i remove the trustchain.crt and i set the PositiveSSLCA2.crt as the trustchain
The extra download is still there
Remember to clear the SSL test cache and restart your webserver.
@darknyan both of these have been done
@khav The "Extra Download" problem can be ignored. The report for my blog also has that note on it. If you look closer at your report, you can see that the first trusted certificate path (Path #1) does NOT require an extra download, which should be enough.
@hwdsl2
It means i wasted 3 hours of my life trying to fix something that isn't broke
Really disappointing