Can’t get Network Solutions Certificate chain working with EC2 Elastic Load Balancer

Tags: amazon-elb, certificates, ssl-certificate

I have a certificate file provided to me which is a wildcard domain name.
It comes as both a key and a crt file. No other files were provided.

I'm having trouble getting it to work correctly with the elastic load balancer.

I've tried this order:

http://www.networksolutions.com/support/installation-of-an-ev-ssl-certificate-for-tomcat-apache/

With the intermediate certs obtained from here:
http://www.networksolutions.com/support/where-can-i-locate-the-network-solutions-nsprotect-root-and-intermediate-certificate-files/

I've also tried the following:

  • Network Solutions Add Trust External CA Root
  • Network Solutions UTN Add Trust CA
  • Network Solutions UTN Server CA
  • Network Solutions Extended Validation (EV) CA
  • Network Solutions Intermediate Certificate
  • Network Solutions EV Root

The error that the ELB returns is:

Unable to validate certificate chain. The certificate chain must start
with the immediate signing certificate, followed by any intermediaries
in order. The index within the chain of the invalid certificate is: -1

There is so much conflicting and outdated information out there and nothing seems to work. How do I get this working?

Is there a method I can use with OpenSSL to manually work out what certificates I need at each step?

Best Answer

I just ended up working this out. The correct order for the certificate chain is as follows:

OV_NetworkSolutionsOVServerCA2
OV_USERTrustRSACertificationAuthority
AddTrustExternalCARoot

Good luck!
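
On the question of working the order out with OpenSSL: the following is an added example, not part of the original question or answer. It orders a set of downloaded CA files by following issuer-to-subject name links from the server certificate, then checks the signatures with `openssl verify`. The function names `name_hash`, `order_chain` and `check_chain` are hypothetical, and the file names passed to them are whatever you saved the certificates as.

```shell
#!/bin/sh
# Added example (not from the original post): order candidate CA files for an
# ELB chain by following issuer -> subject links from the server certificate.

# Print the hash of a certificate's subject or issuer name.
name_hash() {  # $1 = subject | issuer, $2 = PEM certificate file
    openssl x509 -in "$2" -noout "-${1}_hash"
}

# order_chain LEAF CANDIDATE...
# Prints candidate files, immediate signer of LEAF first, root last.
order_chain() {
    current=$1; shift
    found=0
    while [ "$found" -lt "$#" ]; do
        want=$(name_hash issuer "$current") || return 2
        next=
        for c in "$@"; do
            if [ "$(name_hash subject "$c")" = "$want" ]; then next=$c; break; fi
        done
        if [ -z "$next" ]; then
            [ "$found" -gt 0 ] && return 0   # chain ends above the supplied files
            echo "no candidate matches the issuer of $current" >&2
            return 1
        fi
        echo "$next"
        found=$((found + 1))
        # A self-signed certificate is the root: stop there.
        [ "$(name_hash issuer "$next")" = "$want" ] && return 0
        current=$next
    done
}

# check_chain LEAF ROOT INTERMEDIATE... (one or more intermediates)
# Confirms that signatures, not just names, link LEAF up to ROOT.
check_chain() {
    leaf=$1; root=$2; shift 2
    bundle=$(mktemp) || return 2
    cat "$@" /dev/null > "$bundle"
    if openssl verify -CAfile "$root" -untrusted "$bundle" "$leaf" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$bundle"
    return "$rc"
}
```

Concatenating the files in the order `order_chain` prints gives a chain that starts with the immediate signing certificate, which is what the ELB error message asks for. `check_chain` also fails when any certificate in the path is outside its validity period.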