Description of problem: Using web management console to add custom domain ssl certs does not work as expected when uploading ssl domain cert and certificate chain separately. You can do a workaround as stated in this bug: https://bugzilla.redhat.com/show_bug.cgi?id=985952 Then works perfect and ssl validation is passed. But, it should work when uploading cert and chain in separated files too, doesn´t it? Steps to Reproduce: 1. Purchase a custom ssl certificate for your domain. 2. Upload your domain certificate, the certificate chain, private key and passphrase. 3. Web console finish ok, but if you validate your domain with an ssl checker (http://www.sslshopper.com/ssl-checker.html) it fails because cannot follow certified authority chain. Actual results: Browser tells you that the certificate is valid but there is some problem validating your authorithy certs. Expected results: Green lock on browser with no warning signal on navigation bar. Additional info: Both tested apps are scalable ones so this is related to haproxy ssl config. My apps are wordpress scalable and jboss 7. As stated above, workaround of merging domain cert and certificate chain in one file and uploading as domain cert is working. Maybe if user uploads both separately you could concatenate contents and configure haproxy as you are doing when only domain cert with chain is uploading. This could work if pem format is present in uploaded files.
Workaround available, lowering severity. The issue is being investigated.
Some time has passed and it still does not pass: https://www.sslshopper.com/ssl-checker.html#hostname=www.truthmapping.com thoughts?
Fixed in https://github.com/openshift/origin-server/pull/5857
Tested on devenv_5218, the ssl chain can be added successfully from web console, so verify this bug, thanks.
*** Bug 1157188 has been marked as a duplicate of this bug. ***
This is still broken. I just tried it and got an SSL error. I tried concatenating the two certificates and using that as the server certificate and that worked just fine.