CA design question?

Hello,

My website has an official SSL certificate, which I renewed this year to 
have a SHA-256 certificate;
when I test my site with SSLLabs.com, I'm shown two certificate paths:

the first one:
my SSL cert (SHA-256) sent by server (SHA1 Fingerprint: 
0fae9fd23852fb834fe4f32d7d3c73714daa6aa9)
the intermediate (SHA-256) sent by server (SHA1 Fingerprint: 
064969b7f4d6a74fd098be59d379fae429a906fb)
the self-signed (SHA-256) in trust store (SHA1 Fingerprint: 
a3f1333fe242bfcfc5d14e8f394298406810d1a0)

the second one:
my SSL cert (SHA-256) sent by server (SHA1 Fingerprint: 
0fae9fd23852fb834fe4f32d7d3c73714daa6aa9)
the intermediate (SHA-256) sent by server (SHA1 Fingerprint: 
064969b7f4d6a74fd098be59d379fae429a906fb)
the self-signed (SHA-1) in trust store (SHA1 Fingerprint: 
3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f)

Before I renewed the SSL certificate, my server sent an intermediate with 
SHA-1; I just exchanged this intermediate certificate for one with 
SHA-256, and with this I had this situation:

before exchange intermediate, path one:
my SSL cert (SHA-1) sent by server (SHA1 Fingerprint: ...)
the intermediate (SHA-1) sent by server (SHA1 Fingerprint: ...)
the self-signed (SHA-256) in trust store (SHA1 Fingerprint: 
a3f1333fe242bfcfc5d14e8f394298406810d1a0)

before exchange intermediate, path two:
my SSL cert (SHA-1) sent by server (SHA1 Fingerprint: ...)
the intermediate (SHA-1) sent by server (SHA1 Fingerprint: ...)
the self-signed (SHA-1) in trust store (SHA1 Fingerprint: 
3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f)

after exchange intermediate, path one:
my SSL cert (SHA-1) sent by server (SHA1 Fingerprint: ...)
the intermediate (SHA-256) sent by server (SHA1 Fingerprint: 
064969b7f4d6a74fd098be59d379fae429a906fb)
the self-signed (SHA-256) in trust store (SHA1 Fingerprint: 
a3f1333fe242bfcfc5d14e8f394298406810d1a0)

after exchange intermediate, path two:
my SSL cert (SHA-1) sent by server (SHA1 Fingerprint: ...)
the intermediate (SHA-256) sent by server (SHA1 Fingerprint: 
064969b7f4d6a74fd098be59d379fae429a906fb)
the self-signed (SHA-1) in trust store (SHA1 Fingerprint: 
3e2bf7f2031b96f38ce6c4d8a85d3e2d58476a0f)

Now my question: how would it be possible to generate an SSL certificate 
that can be used with two different certificate paths?

Thanks,
Walter
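
One way a single intermediate ends up under two roots, shown as an added example that is not part of the original post. It assumes (the post does not say so) that the two trust-store roots share one subject name and key pair and differ only in signature hash; all names, keys and certificates are constructed test data.

```sh
#!/bin/sh
# Constructed demo PKI: every key, name and certificate here is throwaway test data.
set -eu

# One root key pair, certified twice as a self-signed root (SHA-1 and SHA-256),
# plus one intermediate signed by that key. Prints the working directory.
build_demo_pki() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
        'commonName = Common Name' '[v3_ca]' \
        'basicConstraints = critical,CA:TRUE' > "$d/ca.cnf"
    subj='/O=Example Test CA/CN=Example Test Root'   # assumed: identical in both roots
    openssl genrsa -out "$d/root.key" 2048 >/dev/null 2>&1 &&
    openssl genrsa -out "$d/int.key" 2048 >/dev/null 2>&1 &&
    for md in sha1 sha256; do
        openssl req -x509 -new -config "$d/ca.cnf" -extensions v3_ca \
            -key "$d/root.key" -subj "$subj" -days 30 "-$md" \
            -out "$d/root_$md.pem" >/dev/null 2>&1 || return 1
    done &&
    openssl req -new -config "$d/ca.cnf" -key "$d/int.key" \
        -subj '/O=Example Test CA/CN=Example Test Intermediate' \
        -out "$d/int.csr" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root_sha256.pem" \
        -CAkey "$d/root.key" -set_serial 2 -days 30 -sha256 \
        -extfile "$d/ca.cnf" -extensions v3_ca -out "$d/int.pem" >/dev/null 2>&1 &&
    printf '%s\n' "$d"
}

# Succeeds when certificate $2 chains to the single trust anchor in $1.
path_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds when two certificates carry the same subject name and public key.
same_name_and_key() {
    [ "$(openssl x509 -in "$1" -noout -subject -pubkey)" = \
      "$(openssl x509 -in "$2" -noout -subject -pubkey)" ]
}

# Prints the SHA-1 fingerprint, the value SSL Labs lists for each certificate.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha1; }

d=$(build_demo_pki)
for md in sha1 sha256; do
    fingerprint "$d/root_$md.pem"
    path_ok "$d/root_$md.pem" "$d/int.pem" && echo "intermediate verifies under root_$md"
done
same_name_and_key "$d/root_sha1.pem" "$d/root_sha256.pem" && echo "roots share subject and key"
```

To check the same condition on real roots, run `same_name_and_key` on the two trust-store certificates exported as PEM files.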

