In order to have full chain for SSL certificate, the intermediate/Root certificate needs to be added. To do so, I did the following in hestia and vesta and Grade of SSL changed from B->A per the following website: https://www.ssllabs.com/ssltest/
Instructions:
1-Download the certificates by giving the Id number of the certificate to the provided cert manager website (https://cert-manager.com/customer/InCommon/). since PEGR is working with Apache download the following two:
A) "as Certificate only, PEM encode" for server certificate
B) "Intermediate(s)/Root only, PEM encoded" for intermediate and root certificate
2- Copy those files to '/etc/pki/tls/certs/' in PEGR machine
3- Open '/etc/httpd/conf.d/ssl.conf' and provide the address of 'server' and 'intermediate and root' certificates to the ssl.conf file as the following:
SSLCertificateFile /etc/pki/tls/certs/hestia_cac_cornell_edu_cert-1.cer
SSLCertificateChainFile /etc/pki/tls/certs/hestia_cac_cornell_edu_interm.cer
**Please note that the server key should also be already uncommented in ssl.conf file. Otherwise should be given in ssl.conf file as the following:
In order to have full chain for SSL certificate, the intermediate/Root certificate needs to be added. To do so, I did the following in hestia and vesta and Grade of SSL changed from B->A per the following website: https://www.ssllabs.com/ssltest/
Instructions: 1-Download the certificates by giving the Id number of the certificate to the provided cert manager website (https://cert-manager.com/customer/InCommon/). since PEGR is working with Apache download the following two: A) "as Certificate only, PEM encode" for server certificate B) "Intermediate(s)/Root only, PEM encoded" for intermediate and root certificate
2- Copy those files to '/etc/pki/tls/certs/' in PEGR machine
3- Open '/etc/httpd/conf.d/ssl.conf' and provide the address of 'server' and 'intermediate and root' certificates to the ssl.conf file as the following: SSLCertificateFile /etc/pki/tls/certs/hestia_cac_cornell_edu_cert-1.cer SSLCertificateChainFile /etc/pki/tls/certs/hestia_cac_cornell_edu_interm.cer
**Please note that the server key should also be already uncommented in ssl.conf file. Otherwise should be given in ssl.conf file as the following:
SSLCertificateKeyFile /etc/pki/tls/private/myserver.key