CA Root doesn't accept

1. The problem I’m having:

I push the CA Root caddy’s certificate via GPO and certificate is in trust center of each computer but the certificat still show as not secure. If I push the intermediaire certificate, it works…

2. Error messages and/or full log output:

Certificate not trust on browser

3. Caddy version:

V2.7.6

4. How I installed and ran Caddy:

Via sc.exe and service create properly

a. System environment:

Windows 2008 ou 2012 R2

b. Command:

caddy_windows_amd64.ex(e) reverse-proxy --from server.domain.local --to server.domain.local --disable-redirects

c. Service/unit/compose file:

N/A

d. My complete Caddy config:

Only simple reverse procy

Browsers have their own trust stores now. You need to add it to the browser’s trust store as well.

If I push the intermédiaire certificat throught GPO, it works. Is this a normal ?

I don’t know what GPO is.

Group Policy Domain, but anyway, if I install throught Windows MMC intermédiaire certificat, it works. If I install ROOT certificat, it doens’t work.

Hi, any update on why the final Certificate is not recognize while CA Root is in trust store ?

This is more a question about Windows and HTTP clients running on Windows, and less about Caddy and your server.

I’m not an expert in Windows policy stuff, so I don’t have an answer for you.

Ok, I test to proxy from multiple server to serverFinal and only one works…

This is my commands lauch on each server :slight_smile:

On server 1 Windows Server 2012 R2 : That’s Work
caddy_windows_amd64.exe reverse-proxy --internal-certs --from server1.domain.local --to ServerFinal.domain.local --disable-redirects

On server 2 Windows Server 2019 : Doesn’t work
caddy_windows_amd64.exe reverse-proxy --internal-certs --from server2.domain.local --to ServerFinal.domain.local --disable-redirects

On server final (web) Windows 2008 R2 : Doesn’t work
caddy_windows_amd64.exe reverse-proxy --internal-certs --from ServerFinal.domain.local --to ServerFInal.domain.local --disable-redirects

Is caddy on widows needed any .net framework or other ?

Not at all. Caddy is written in Go, it’s a fully statically compiled program with no dependencies.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.