Hi,
I have sites with letsencrypt being served from nginx server.
How can I ensure that my sites are serving the cross singed chain (DST ROOT X3) .
When I access from the browser and check the chain, I am not seeing the DST ROOT anywhere.
Just seeing -> R3 -> IST ROOT X1
The cross-signed DST Root CA X3 is the default chain provided.
Unless you have done something to override the default OR you are using an O/S that ignores the provided chain and builds its' own to use (Windows!), you should be fine.
If you need to test to be sure.
Try:
openssl s_client -connect EXAMPLE.COM:443 -servername EXAMPLE.COM | head
OR
by using SSL Labs (or those types of sites)
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.