in general I got 3 files from GoDaddy:
- main Certificate file
- Server Private Key
- Bundle file
in configured all these files in my Go server in the following way:
The web server runs properly, it's currently published at
https://myalcoholist.com:443
.I validated my SSL using
https://www.ssllabs.com/ssltest/analyze.html?d=myalcoholist.com
and it's response is This server's certificate chain is incomplete. Grade capped to B.
you can go to this link to see the all detailed result.
what am I missing?
Flimzy42.9k1313 gold badges7171 silver badges108108 bronze badges
ufkufk11.4k5050 gold badges175175 silver badges304304 bronze badges
1 Answer
Following that thread, and from the
net/http/#ListenAndServeTLS()
doc:If the certificate is signed by a certificate authority, the certFile should be the concatenation of the server's certificate, any intermediates, and the CA's certificate.
Try and make sure your
cert/myalcoholist.pem
includes the CA certificates as well.That thread used:
Compared to my previous answer, adding a cipher suite is a good idea, but again, try and see if the certificate file passed to
ListenAndServeTLS
works better if it includes the CAs.Sure enough, https://www.ssllabs.com/ssltest/analyze.html?d=myalcoholist.com reports grade A, with the warning: “Chain issues: Contains anchor”.
See 'SSL/TLS: How to fix “Chain issues: Contains anchor”' to remove that warning, but this is not an error though:
See 'SSL/TLS: How to fix “Chain issues: Contains anchor”' to remove that warning, but this is not an error though:
RFC 2119: the server is allowed to include the root certificate (aka 'trust anchor') in the chain, or omit it. Some servers include it
Community♦
VonCVonC874k315315 gold badges28282828 silver badges33853385 bronze badges
Got a question that you can’t ask on public Stack Overflow? Learn more about sharing private information with Stack Overflow for Teams.
Not the answer you're looking for? Browse other questions tagged sslgohttps or ask your own question.
After running a test on SSL Server Test, I got
This server's certificate chain is incomplete
. Later I read in orange: Chain issues Incomplete, Contains anchor
.I tried to understand what was wrong and read about the subject, but I don't succeed to see what is wrong and how to find the cause of the issue.
If anyone would mind to give me some steps I could do to find the problem, I would be glad !
EDIT for further readers:
The issue was that I had 2 intermediate certificates. I had to copy/paste each of them in one single file and use that file as the whole intermediate certificate.
Sharcoux
SharcouxSharcoux
1 Answer
Clients are expected to have the root certificate already in their list of trusted certificates.
Your own certificate is at the other end of the chain but between these two certificates there are typically one or more intermediate certificates.
As clients are not expected to know about these intermediate certificates you should configure your server to not only present its own certificate but also any intermediate certificates.
This allows the client to have the whole chain available and be able to validate that it ends at one of its trusted certificates.
Håkan LindqvistHåkan LindqvistThis allows the client to have the whole chain available and be able to validate that it ends at one of its trusted certificates.
23k44 gold badges3838 silver badges6262 bronze badges
Not the answer you're looking for? Browse other questions tagged sslssl-certificatecertificate-authority or ask your own question.
While using Barba I mentioned that my browser loads a new page when a link contains a hash (e.g.
another-page.html#section1
).Scenario:
I'm on page
On page
I'm on page
A.html
. This page contains a link to B.html#anchor
. If I click the link, the browser will load the page and not Barba.On page
A.html
is a second link A.html#somewhere
. Clicking on this link should not trigger Barba but the browser to jump to #somewhere
.After investigating the source code I found out, that Barba doesn't handle clicks on links with a hash but letting the browser performing the event.
See https://github.com/luruke/barba.js/blob/188de0364c1cc3e046fb389fdd36cb53303800bf/src/Pjax/Pjax.js#L190 which will check if Barba manages to get the new page or ignore the click.
And here https://github.com/luruke/barba.js/blob/188de0364c1cc3e046fb389fdd36cb53303800bf/src/Pjax/Pjax.js#L232 it decides to ignore the request.
See https://github.com/luruke/barba.js/blob/188de0364c1cc3e046fb389fdd36cb53303800bf/src/Pjax/Pjax.js#L190 which will check if Barba manages to get the new page or ignore the click.
And here https://github.com/luruke/barba.js/blob/188de0364c1cc3e046fb389fdd36cb53303800bf/src/Pjax/Pjax.js#L232 it decides to ignore the request.
The comment on line 231 suggests that links with a hash shouldn't be handled by Barba because the browser should jump to the anchor.
However there should be a check, that the target link equals the current link (without a hash). If it does not it's obviously another page.
However there should be a check, that the target link equals the current link (without a hash). If it does not it's obviously another page.
But when changing this behavior how will be the anchor 'jump' be handled? Maybe by adding the hash via
window.location = '#hash'
after the new page was loaded? This could be realized with Promises?Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.
Sign upHave a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Comments
commented Mar 8, 2016
No description provided. Sketchup plugins 2016 download. Dec 19, 2007 I got it! On a Mac, you have to place the.rb file in the Library Application Support Google SketchUp 6 SketchUp Plugins folder. (This assumes that the SketchUp program exists in a folder called Google SketchUp 6 within the Applications folder.) Once I did that, the sub-menu included a Volume option. Thanks for your help, Pilou. |
self-assigned this Jul 28, 2016
commented Aug 23, 2016
Works for me |
commented Aug 23, 2016
Closing. Will reopen if we come across it again. |
commented Sep 2, 2016 • edited
edited
I came across it again here: https://dev.ssllabs.com/ssltest/analyze.html?d=tls-test-01-sep-2016-01.qlued.net I can keep this server around for a week or so. |
removed the invalid label Sep 2, 2016
commented Sep 8, 2016
Fixed. deployed on dev. Issue was when self signed certificate is CA cert |
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
I have SSL EV certificate for https://goout.cz. According to this test we are getting A+:
However I get warning for 'Incorrect order, Contains Anchor'.
But this test: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
Says: Certificate not installed correctly.
So far I am unable to find the issue. I thought I might have wrongly concatenated the main and intermediate certificates, but I checked that the main certificate is first and then the intermediate certificates are following.
VojtěchVojtěch
1 Answer
Your file should contain
- Your certificate
- The intermediate certificate that signed your certificate
- Any other intermediate certificates, in order
Your file should NOT contain the root certificate.
Certificate Transparency
In other words:
- Cert 0's subject should be you
- Cert 0's issuer should equal cert 1's subject
- Cert 1's issuer should equal cert 2's subject
- ..
- Cert n's issuer should equal the root's subject
- The root's issuer should by definition be equal to its subject (otherwise it's not a root certificate).
Are you using linux with openssl? If so I can provide a script to check this.
I just connected to your site using
Chain Issues Incomplete
It seems you have a file with four certificates, and to get a perfect score you should remove the second one and exchange the last two.
Comodo Certificate Chain
Law29Law2937611 gold badge33 silver badges1313 bronze badges