Hello
I tried to find out if anyone else in this Forum had run into this in the past but couldn't find any previous post about this in relation to ADFS so here goes:
I just performed a Qualys SSL Labs scan on my ADFS WAPs (https://www.ssllabs.com/ssltest/index.html).
Qualys tells me that the certificate chain is incomplete thus degrades the grade for my ADFS WAPs to grade B.
The certificate I use is issued by Symantec and chains to another Symantec Intermediate CA certificate (Symantec Class 3 Secure Server SHA256 SSL CA) which in turn chains to the Symantec Root CA certificate (VeriSign Universal Root Certification Authority).
I have these certificates installed on all ADFS WAPs in the "Computer Account" Certificate Store.
Symantec Class 3 Secure Server SHA256 SSL CA is in the Intermediate Certification Authorities/Certificates folder and
VeriSign Universal Root Certification Authority is in the Trusted Root Certification Authorities/certificates folder.
ADFS WAPs are fine and show no problems/error with regard to the chain.
Am I missing something? Why is Qualys complaining about the chain being incomplete?
It displays all three certificates:
1. Symantec ADFS WAP Certificate for HTTPS/SSL/TLS - "Sent by Server"
2. Symantec Intermediate CA Certificate - "Extra download"
3. Symantec Root CA certificate - "In Trust Store"
