When configuring a custom CNAME for a SaaS instance in the MyJFrog Portal, customers must upload their SSL/TLS certificate under the Chain of Certificate section. However, during this process, they may encounter the following error: "Chain issue detected. Possible reasons are missing intermediate certificates or wrong order of certificates." This error typically occurs when the uploaded certificate chain is incomplete or incorrectly structured, preventing proper validation. Understanding the Certificate Chain A certificate chain ensures trust between a server and its clients, consisting of: Server Certificate – Issued for the specific domain. Intermediate Certificate(s) – Bridges the server certificate to a trusted root certificate. Root Certificate – A globally trusted certificate pre-installed in operating systems and browsers. Each certificate in the chain must be properly ordered and complete to establish trust. The server certificate, issued to your specific domain, is signed by an intermediate certificate. This intermediate certificate is, in turn, signed by a root certificate. The root certificate is pre-installed in the trusted root stores of client devices and browsers, providing the foundation of trust. This hierarchical structure guarantees that each certificate in the chain is validated by the preceding one, linking the server's identity back to a trusted authority. Resolution To properly configure the JFrog Certificate and establish a chain certificate feature in the MyJFrog Portal, follow these steps: Step 1: Log in to MyJFrog Portal: Access the MyJFrog Portal and log in to the website. Step 2: Navigate to Custom Domain Name Settings: From the left-side panel, go to Settings → Select Custom Domain Name and then click on the Create New button.
Step 3: Enter Certificate Details: Provide a unique name to identify your certificate. Add the Certificate Private Key and the certificate body. Step 4: Enable Certificate Chain: To enable the certificate chain, ensure that the certificates are in the following order: First, copy the Server Certificate Next, add the CA Certificate Finally, include the Root Certificate
Note:Add one line of space between the certificates to differentiate among them. By following these steps in order, you will successfully set up the JFrog Certificate with the certificate chain feature enabled in the MyJFrog Portal.