Is the root CA certificate required in the .crt file?

Asked Apr 27 '14 at 14:05

Active Apr 27 '14 at 16:12

Viewed 91 times

I am setting up SSL on Nginx with a free StartSSL certificate. Based on the instructions given on this StartSSL page I created a unified certificate containing the CA's root certificate, Intermediate certificate and the one for my domain.

Testing this setup on ssllabs the following sections caught my eye.

So I thought if the root CA certificate is in the trust store why should I add it to my .crt file and removed it from my server.

Checking again I found that the size of the certificate reduced and the Chain issues - Contains anchor disappeared.

I tested the site on Firefox and IE11 and no SSL errors were displayed.

Did I setup deploy certificate right?

Why does that page on StartSSL instruct to add the root CA certificate too if it is already present in the browsers' certificates store?

edited Apr 27 '14 at 16:12

asked Apr 27 '14 at 14:05

A.Jesin

Your question is already answered here: http://security.stackexchange.com/questions/24561/ssltest-chain-issues-contains-anchor – binaryanomaly Apr 27 '14 at 15:19
@binaryanomaly You're right! How do I "close" this question now? – A.Jesin Apr 27 '14 at 16:14
Click `answer your question` down below – binaryanomaly Apr 27 '14 at 16:16
@A.Jesin Just wait a bit. The question will be closed on its own. – Adi Apr 28 '14 at 13:30

Is the root CA certificate required in the .crt file?

0 Answers0