A certificate file must contain the full chain – root CA , intermediate CA, and the origin server certificates. Broken chain certificates may cause errors to your end users, thus it is important to upload it with the complete chain.
Where Can I Find the Full Chain Certificate?
Qualys SSL Labs is an easy to use tool that allows you to run a comprehensive free SSL test for your public web servers.
Using Qualys SSL Labs, you can receive the full chain certificate and create a certificate file to upload to the Incapsula’s Management Console. This file must have one of the following formats: PFX, PEM or CER.
Follow these steps to extract the full chain certificate:
- Go to SSL Server Test
- Insert the Hostname and Run the test
- If your chain is incomplete you'll see it noted in the site's score notes
- Scroll down to Certification Paths and expand the view. Here you can see the full certificate chain.
- Click Download Chain to view the encoded certificate.
- Copy all the text and put it in a text editor of your choice.
- Save it as a PFX, PEM or CER extension.
The certificate file is now ready and you may upload it to the Incapsula’s Management Console.
Later, proceed to upload the RSA key.