The service certificate specified in Server.TLSCertificate needs to be a full certificate chain instead of just a certificate, because clients do not generally have intermediate CAs in their CA certificate bundles. Therefore the option name TLSCertificate is misleading since it implies a single cert.
It would be nice to rename it to point out that you need a cert chain; I suggest Server.TLSCertificateChain as the new name.