I have an application that needs to receive the full certificate chain including the self-signed root certificate in order to function properly. When I look at the site in SSL Labs I see that the end-user certificate and the intermediate certificate are presented by the server, but not the root certificate.
For most use-cases this is perfectly fine as the root certificate is already installed and trusted on client machines. However, I’ve got this one application that needs the server to send it the full chain.
- Did this behavior change recently within CloudFlare? This application just started having problems on Saturday.
- Is it possible to force CloudFlare to present the entire certificate chain?
For our site I’ve got CloudFlare SSL/TLS Encryption set to ‘Full’ with Universal edge certificates that are managed by CloudFlare. The site in question is set to use CloudFlare as a proxy.
We did replace the certificate on our web servers this month, and the original expired on 3/27 (suspicious given the timing of the problem I’m dealing with), but I can’t see anywhere in the CloudFlare UI where that original was uploaded and would need to be replaced by the renewed cert. I wouldn’t think that old certificate would matter, but again the timing of the expiration is highly suspicious so I keep going back to it.