How to resolve website SSL certificate contains anchor warning | JQiT Blog
14031
post-template-default,single,single-post,postid-14031,single-format-standard,bridge-core-1.0.5,ajax_fade,page_not_loaded,,qode_grid_1300,footer_responsive_adv,qode-child-theme-ver-1.0.0,qode-theme-ver-18.1,qode-theme-bridge,wpb-js-composer js-comp-ver-6.0.2,vc_responsive

How to resolve website SSL certificate contains anchor warning

How to resolve website SSL certificate contains anchor warning

When it comes to business website, Search Engine Optimization (SEO) is most efficient way to promote the business website, and get the potential business in.

One of the factor to improve SEO is SSL encrypt your website, make your site HTTPS

Today HTTPS is already become a website standard, not just for commercial site, but also for any type business website.

When we upload the SSL from public certificate authority, like Godaddy, it is always recommended to upload the certificate chain onto your web server as well to ensure the most compatibility.

However, uploading the whole certificate chain is not a best practise. because it contains the public root certificate. The recommended way is just upload the intermediate certificate rather than the whole certificate chain.

clip_image002

If the whole certificate chain has been uploaded, when you run the website certificate test from SSLLabs, you will see below warning message:

Chain issues: Contains anchor

clip_image004

Above is not a error message, just a warning message because it it just not best practise, but there’s no impact.

How to fix?

Simply follow below:

1. Locate the certificate configuration on your web server.

My web server is hosting on Apache on Amazon AWS EC2 platform, the certificate configuration is stored in below file

/etc/httpd/conf.d/ssl.conf

clip_image006

You can always find more details from Configure Apache Web Server on Amazon Linux to use SSL/TLS

2. Replace the certificate chain .crt file by intermediate certificate ONLY

For Godaddy intermediate certificate, you can always download from here

Note: the default certificate chain downloaded from Godaddy is the whole certificate chain, included the root certificate.

image

Make sure we download the “GoDaddy Secure Server Certificate (Intermediate Certificate)”

3. Rerun the certificate test

image