Updated on 2023-06-06 GMT+08:00

How Do I Fix an Incomplete Certificate Chain?

A certificate is incomplete if the certificate provided by the certificate authority (CA) is not found in the built-in trust store on your platform and the certificate chain does not include a CA certificate. If the website for the protected domain name is accessed with an incomplete certificate, the access fails.

Use either of the following methods to fix it:

  • Manually build a complete certificate chain and upload the certificate. (This function will be available soon.)
  • Upload the correct certificate.

The latest Google Chrome version supports automatic verification of the trust chain. The following describes how to manually create a complete certificate chain (using a Huawei Cloud certificate as an example):

  1. Check the certificate. Click the padlock in the address bar to view the certificate status.

    Figure 1 Viewing the certificate

  2. Check the certificate chain. Click Certificate. Select the Certificate Path tab and then click the certificate name to view the certificate status. Figure 2 shows an example.

    Figure 2 Viewing the certificate chain

  3. Save the certificates to the local PC one by one.

    1. Select the certificate name and click the Details tab. Figure 3 shows an example.
      Figure 3 Details
    2. Click Copy to File, and then click Next as prompted.
    3. Select Base-64 encoded X.509 (.CER) and click Next. Figure 4 shows an example.
      Figure 4 Certificate Export Wizard

  4. Rebuild the certificate. After all certificates are exported to the local PC, open the certificate file in Notepad and rebuild the certificate according to the sequence shown in Figure 5.

    Figure 5 Certificate rebuilding

  5. Upload the certificate again.
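
Steps 3 and 4 can also be scripted. The following is an added example, not part of the original page or of any Huawei Cloud tooling: it reads the exported Base-64 .CER texts, links each certificate to its issuer by name, and returns one bundle. It assumes the sequence in Figure 5 is the conventional one (server certificate first, root last) and that the root was exported too. It matches issuer and subject names only and does not verify signatures; all function names and the sample input are constructed for illustration.

```python
import base64, re, ssl
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read the DER element at pos: return (tag, start of value, end of element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw DER issuer and subject Names of one X.509 certificate."""
    pos = _tlv(der, _tlv(der, 0)[1])[1]   # enter Certificate, then TBSCertificate
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos     # skip the optional [0] version field
    fields = []
    for _ in range(5):                    # serial, signature alg, issuer, validity, subject
        fields.append(der[pos:_tlv(der, pos)[2]])
        pos += len(fields[-1])
    return fields[2], fields[4]

def build_chain(pem_texts):
    """Return one PEM bundle: server certificate first, each issuer next, root last."""
    ders = dict.fromkeys(base64.b64decode(b) for t in pem_texts for b in PEM_RE.findall(t))
    certs = [(d, *issuer_subject(d)) for d in ders]      # (der, issuer, subject)
    signers = {c[1] for c in certs}
    leaves = [c for c in certs if c[2] not in signers]   # nobody is issued by a leaf
    if len(leaves) != 1:
        raise ValueError("expected exactly one server (leaf) certificate")
    chain = leaves
    while chain[-1][1] != chain[-1][2]:                  # stop at the self-signed root
        parent = [c for c in certs if c[2] == chain[-1][1] and c not in chain]
        if not parent:
            raise ValueError("incomplete chain: an issuer certificate is missing")
        chain.append(parent[0])
    return "".join(ssl.DER_cert_to_PEM_cert(d) for d, _, _ in chain)

def _sample(subject, issuer):
    """Constructed skeleton with only the fields parsed above; not a valid certificate."""
    enc = lambda tag, *p: bytes([tag, len(b"".join(p))]) + b"".join(p)
    name = lambda s: enc(0x30, enc(0x0C, s.encode()))
    tbs = enc(0x30, enc(0xA0, enc(2, b"\x02")), enc(2, b"\x01"), enc(0x30),
              name(issuer), enc(0x30), name(subject))
    return ssl.DER_cert_to_PEM_cert(enc(0x30, tbs))

# Constructed input, deliberately out of order: root, server certificate, intermediate.
SAMPLE = [_sample(s, i) for s, i in (("Example Root CA", "Example Root CA"),
    ("www.example.com", "Example Issuing CA"), ("Example Issuing CA", "Example Root CA"))]
```

For real exports, pass the text of each saved .CER file to `build_chain` and write the returned string to the file you upload; a `ValueError` means a certificate from the Certificate Path tab was not exported.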
