AstaroOS: Support intermediate CAs
in Webadmin, Userportal and Web Application Security.
The intermediate CAs will not be sent by the UTM to the client, so the CA path is broken and some browsers will then not accept the cert.
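The broken path described in this request can be reproduced offline. The following is an added example, not part of the original request or of any vendor code: it builds a constructed lab PKI (root, intermediate, server certificate; all names and file names are made up) and checks whether a client that trusts only the root accepts the server certificate with and without the intermediate being supplied. It assumes the `openssl` command-line tool is installed.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (all names made up): root CA -> intermediate CA -> server cert.
build_lab_pki() {   # $1 = empty working directory
  ( cd "$1" || exit 1
    cat > lab.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:portal.example.test
EOF
    newkey() { openssl req -config lab.cnf -newkey rsa:2048 -nodes "$@" 2>/dev/null; }
    sign()   { openssl x509 -req -days 2 -CAcreateserial -extfile lab.cnf "$@" 2>/dev/null; }
    newkey -x509 -extensions v3_ca -days 2 -subj "/CN=Lab Root CA" \
           -keyout root.key -out root.pem &&
    newkey -new -subj "/CN=Lab Intermediate CA" -keyout int.key -out int.csr &&
    sign -in int.csr -CA root.pem -CAkey root.key -extensions v3_ca -out int.pem &&
    newkey -new -subj "/CN=portal.example.test" -keyout leaf.key -out leaf.csr &&
    sign -in leaf.csr -CA int.pem -CAkey int.key -extensions v3_leaf -out leaf.pem
  )
}

# Returns 0 only if a client trusting just root.pem can build a path to leaf.pem.
# $1 = PKI dir, $2 = file with the extra certs the server sent ("" = leaf only).
client_accepts() {
  ( cd "$1" || exit 1
    if [ -n "$2" ]; then
      openssl verify -CAfile root.pem -untrusted "$2" leaf.pem
    else
      openssl verify -CAfile root.pem leaf.pem
    fi 2>/dev/null | grep -q ': OK$'
  )
}

lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT
build_lab_pki "$lab" || { echo "openssl failed to build the lab PKI" >&2; exit 1; }
client_accepts "$lab" ""      && echo "leaf only: accepted" \
                              || echo "leaf only: rejected (broken chain)"
client_accepts "$lab" int.pem && echo "leaf + intermediate: accepted" \
                              || echo "leaf + intermediate: rejected"
```

Against a live service, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.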
Joshua Kerekes commented
I see this as an issue as we have customers that have strict SSL policies that require a full trusted certificate chain. Because of the UTM's lack of support for this, staff are unable to access their user portals unless an exception is put into each browser.
This is not acceptable to the customer.
This is still not supported for at least the user portal, and is causing downgrading of my site's score in security evaluations (try the Qualys SSL Labs online test). Offering intermediate certificates is a basic function of secure websites these days. It is incredible that this request has been open for nearly three years. Note that the WAF does now offer intermediate certificates correctly.
Shawn Kovalchick (BamaPookie) commented
How is this not supported? This feature request is 3 years old and has been under review for 2.
I can't believe this has not been fixed yet! All you need to do is add the following to the httpd-webadmin.conf file (for WebAdmin):
where WebAdminChain.pem would be a file containing intermediate CA(s)
It's affected by SPX Reply Portal too....
Here is my tweak for SPX Portal, but it doesn't work with User Portal
It's a joke! This thing needs to be done! Request from 18.01.2012, I don't believe that!
Just chiming in to say this really needs to be done. More apparent on android devices which will show cert errors if the intermediate cert isn't provided to the client.
Kai Grunewald commented
Unbelievable that this is still not possible. Does anybody know a workaround?
We all need this to be fixed. Ten years ago, going self-signed was good enough. Since most certificates now seem to be offered using an intermediate CA, this needs to be implemented.
Rolf Müller commented
Or the other way round: if the UTM holds an intermediate CA, signed by an official one, then on SSL VPN, for example, only the intermediate CA cert is used for server and client, resulting in a broken cert chain and no connection.
Please add support for all kinds of VPN-connections (Site-to-Site and Remote Access)
Karim Litefti commented
Even worse, the SSL ZIP package (available through the user portal) cannot be built for a user who has an external certificate which contains an intermediate CA.