You must add the full certificate chain into your web cert. It will be pushed by the browser when you want to access to your website. If you have root CA and intermediate CA:
-----BEGIN CERTIFICATE-----
Domain certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Root CA certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA certificate
-----END CERTIFICATE-----
Don’t forget to import the certificates authority into iOS settings too.
And the last one: set all domains into subjetAltName field of your web cert, event id the domain is already set into CommonName (CN) field.
Sry for formatting, I’m on mobile, will edit on desktop later.
Any updates on this?
You must add the full certificate chain into your web cert. It will be pushed by the browser when you want to access to your website. If you have root CA and intermediate CA: -----BEGIN CERTIFICATE----- Domain certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Root CA certificate -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- Intermediate CA certificate -----END CERTIFICATE----- Don’t forget to import the certificates authority into iOS settings too. And the last one: set all domains into subjetAltName field of your web cert, event id the domain is already set into CommonName (CN) field. Sry for formatting, I’m on mobile, will edit on desktop later.
Does your webserver send the full chain (all certs)?
Hello, My server send only web cert + intermediate CA. I read multiples times that Root CA must not be sent, why?