Closed rcarmo closed 12 years ago
I used the OpenSSL function SSL_CTX_use_certificate_file(), which only loads the first cert in the file. Now I have replaced its use with SSL_CTX_use_certificate_chain_file(), which loads the cert chain from the file. Quote from the manpage:
SSL_CTX_use_certificate_chain_file() loads a certificate chain from
file into ctx. The certificates must be in PEM format and must be
sorted starting with the subject's certificate (actual client or server
certificate), followed by intermediate CA certificates if applicable,
and ending at the highest level (root) CA. There is no corresponding
function working on a single SSL object.
Thanks. I'll rebuild and have another go ASAP.
Works fine now - the chain is being sent correctly. Firefox is still complaining about SSL errors, but it appears to be regarding mixed secure/insecure content, so the issue is closed as far as I'm concerned.
Many thanks for the prompt fix.
I've been testing shrpx with Chrome and Firefox, and Firefox is complaining about the SSL certificate. From what I can understand, shrpx appears not to be sending the full certificate chain (even though I've pointed it to a file where I concatenated the site certificate, the intermediate certificate and the CA certificate).
What I can see in Firefox is that it receives the site certificate only.
Do I need to do anything special to get this to work?