I have decided to generate SSL for IIS.
I have own CSR and private key. The SSL generated by CloudFlare is in pcks7 format. I would like to to combine it into one pfx formate in order to import it in iis.
I used to work with Start SSL certificate – I always worked with 3 – files – my ssl crt, private key and intermediate crt.
With cloudflare, there is intermediate missing. I have tried to skip it while generating pfx with OpenSSL, but when I use it with IIS server, I get a warning:
One or more certificates in the intermediate chain are missing…
There was no such a message with Start SSL pfx.
Can I ignore it? What intermediate should I use? Or how can make sure that connection is properly encrypted?
EDIT
Obtained PCKS7 details
Issuer: California, San Francisco, CloudFlare Origin SSL Certificate Authority, CloudFlare, Inc., US
Subject: CloudFlare Origin Certificate, CloudFlare Origin CA, CloudFlare, Inc.
Certificate status: The issuer of this certificate could not be found.
Best Answer
To solve problem I needed import "CloudFlare Origin SSL" certificate as Trusted in "Ceritificates" snap-in in MMC (Microsoft Management Console).
Do not know why embbeding it in PFX files do not work - maybe due to untrusted ca certificate.