Azure website intermediate certificate not provided?

I have uploaded a PFX file into the Azure portal including the entire certificate path with all intermediate certificates (of which there are two). However, Azure fails to pass one of these to clients (browsers) so these fail to validate the certificate. Here's the certification path:

And here's the certificate as seen by a browser visiting my website:

As you can see, while the QuoVadis CSP - PKI Overheid CA - G2 certificate is provided, the path is incomplete since Staat der Nederlanden Organisatie CA - G2 is missing.

I'm sure the PFX isn't the problem, a simple certutil -dump shows the entire chain is there.

Does anyone know if I'm doing something wrong and if so, what?

Answers


I think that QuoVadis CSP intermediate cert is mis-configured. They are using a SSL address on their AIA extension. If they simply fix that to use HTTP instead, to point to the issuer CRL, then it should work for you.

The AIA setting they have pointing to this HTTPS address... if you browse to that path in the browser you'll see that the SSL cert on that address also uses the same cert chain and uses same QuoVadis CSP intermediate cert with same SSL url in the AIA extension, thus pointing to itself... possibly causing headaches for cert trust chain building logic not coded to protect against this AIA recursion.


Need Your Help

Embedding Julia in C# - passing and returning arugments

c# julia embedding

So I've been able to get the following code working fine in Visual Studio on Windows 10:

how to revert/delete/undo last two commit to svn mainline?

svn revert

I have committed my changes accidentally on mainline. Now i want to revert the last two changes committed to the svn server by me.