When a customer uses "Customer Hosted CA" mode to sign the proxy certificates and if the CA is an intermediate CA, the certficate chain must also be uploaded to the portal so that the Akamai server-side SteelHead (ACSH) will include the necessary certificate chain during the SSL handshake.
For example, consider the following signing hierachy:
*.sharepoint.com > signed by "Intermediate CA-1" > signed by "Intermediate CA-2" > signed by Root CA
Uploading a proxy certficiate that is signed by an intermediate CA to the cloud portal
Solution Number:
S32546
Last Modified:
2018-07-14
Issue
Solution
In the example above, the customer should upload the signed SSL certificate (*.sharepoint.com) and include the certificate of Intermediate CA-1 and Intermediate CA-2. When uploading the certificates, the order matters.
It should be formatted in the following way:
-----BEGIN CERTIFICATE-----
*.sharepoint.com
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA-1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA-2
-----END CERTIFICATE-----
It should be formatted in the following way:
-----BEGIN CERTIFICATE-----
*.sharepoint.com
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA-1
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
Intermediate CA-2
-----END CERTIFICATE-----
NOTE: There is no need to include the Root CA as the end point devices should already have that installed.
Environment
SteelHead SaaS
Related Bugs
Attachments
Related Files
NOTICE: Riverbed® product names have changed. Please refer to the Product List for a complete list of product names.
Can't find an answer? Create a case