CA Root Certificate not trusted - how to add a chain

Hi -

I have my site up and running after porting from Adobe CF, so all good so far, but as I look to move to production I’m having a problem getting SSL to play happy with my self-signed certificate from my organisation.

If I stop the site in CB and simply bind port 443 in IIS then I can load a simple HTML test page using https with no errors reported and the certificate recognised. I have added the server cert and the CA Root Certificate for the issuer (my org) to the Windows certificate store.

Is there a way to get CB to recognise the existing CA Root certificate in the Windows store, or is there a way (command) to configure it to use the CA Root certificate saved to file space?
server set web.SSL.chainFile=C:\SSLCerts\myOrgsCARootCert.pem

I’ve trawled the web but no luck - maybe I’m searching for the wrong thing!



I’m not clear on what you’re doing. Are you wanting IIS to serve your SSL traffic or CommandBox? It sounds like you’re talking about both.

I was trying to get CommandBox to serve the SSL traffic but struggled with that, so to prove the certs and everything else was OK I enabled IIS to serve the SSL as a test - that all worked. I’ve now removed the IIS port 443 binding and I’m back to trying to get CommandBox to serve the SSL using the relevant certs.

If there is a way to get IIS to serve my site (running in commandbox) over SSL then I’m happy with that approach but I hadn’t picked up that was an option.



CommandBox is more limited in what types of certs it will use. I never use that feature so I’m a bit rusty on it.

There’s some more details here:

Yes, you can put CommandBox behind IIS too if you wish:

Thanks Brad,

I managed to reconfigure things to use IIS at the front with the certificate configured, then backend to CommandBox using the BonCode connector, which worked a treat.