We’ve just trying to export PFX format certificate to PEM format using openssl.exe (to be able to use it with Caddy server). The problem is that resulting .pem file contains unnecessary root certificate (moreover in bad order) so SSL Labs Report says:
Chain issue: Incorrect order, Contains anchor
The command-line we use:
openssl.exe pkcs12 -in certificate.pfx -nocerts -out certificate.key.pem
openssl.exe pkcs12 -in certificate.pfx -nokeys -out certificate.pem
The only solution we’ve found is to manually edit the certificate.pem file and remove the unnecessary root certificate block from that. After that SSL Labs Report doesn’t complain about chain issue and everything with Caddy server looks fine.
But manual text file edit doesn’t seem to be clear solution. Any ideas how to export only my own certificate together with intermediate (and without root) certificate?
