Enabling SSL SERIES 3/4: SSL Certs Chain Full vs Partial
This series of videos walks through SSL Certificate Management with Posit products.
• Creating an SSL Cert: In this video, we walk through the process of creating an SSL certificate.
• Trusted CA Store: In this video, we discuss the trusted certificate store on your Linux server.
• SSL Certs Chain Full vs Partial: In this video, we walk through the process of ensuring that your SSL certificate chain is complete.
• SSL Cert File Permissions: In this video, we walk through the process of verifying the correct file permissions on your SSL certificate.
Transcript
This transcript was generated automatically and may contain errors.
Hey everyone, my name is Cecil and I'm here with my colleague Jay and we're from the Posit support team and today we're going to be talking a little bit about SSL certificates and SSL certificate chains.
So just for some context, this is a host that we've created with Posit teams and there is Workbench, Connect, and Package Manager installed. Workbench has a CA-signed certificate, signed by Let's Encrypt, and Connect has a self-signed certificate.
Using OpenSSL to check the certificate chain
So there's a nifty command that uses the OpenSSL utility which will allow you to see if your certificate chain is complete or not. So I've got that pre-prepared and I'll paste it in, but effectively we use the OpenSSL command and we paste in the URL of the host that we want to test. In this case, we'll test Connect, which has the incomplete certificate.
So if we hit enter there, you'll notice that the verify return code is the most important part. This should return a zero, but as you see here, it returns an 18 because this is a self-signed certificate. So if we scroll up a little bit, we can see that there's only one certificate in this chain. Whereas with Workbench, if we were to run the same command for Workbench, you'll notice that the verify return code is zero and it returns okay, but there are more parts to the SSL certificate chain.
Full certificate chains
So this is a Let's Encrypt certificate. Typically you don't share your specific certificate like this. This host will be deleted after this video, but typically what it looks like is you'll see either two or three different parts of the certificate to the chain, and in most cases they should be concatenated into the single file. As long as you're running this command and seeing the return okay, in most cases you know your certificate file is set up well.
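The check described in the transcript, as an added example that is not part of the video or Posit's own material: a shell helper that reads `openssl s_client -showcerts` output, counts the certificates the server sent, and classifies the verify return code. It goes beyond the two codes mentioned in the video (0 and 18) to cover 20 and 21, which OpenSSL reports when an issuer cannot be found. The function name `check_chain`, the hostnames, the CA names and the `HOST` placeholder are assumptions, and the sample outputs are constructed.

```shell
#!/bin/sh
# check_chain (hypothetical helper): summarise `openssl s_client -showcerts`
# output read on stdin. Exit: 0 verified, 1 failed, 2 no verify line seen.
check_chain() {
    awk '
        # Chain entries look like " 0 s:CN = host" (depth, then subject).
        /^ *[0-9]+ s:/ { certs++ }
        # The verify line can appear more than once; the last one wins.
        /Verify return code:/ {
            line = $0
            sub(/.*Verify return code: */, "", line)
            code = line + 0; found = 1
        }
        END {
            if (!found) { printf "certs=%d code=none verdict=no-result\n", certs; exit 2 }
            # 20/21: issuer not found, typically an intermediate missing from
            # the served file or a CA absent from the local trust store.
            if (code == 0) verdict = "ok"
            else if (code == 18) verdict = "self-signed"
            else if (code == 20 || code == 21) verdict = "issuer-missing"
            else verdict = "other-failure"
            printf "certs=%d code=%d verdict=%s\n", certs, code, verdict
            exit (code == 0 ? 0 : 1)
        }'
}
# Constructed, trimmed s_client outputs (hostnames and CA names are made up).
sample_self_signed() {
    printf '%s\n' 'Certificate chain' ' 0 s:CN = connect.example.com' \
        '   i:CN = connect.example.com' '---' \
        '    Verify return code: 18 (self-signed certificate)'
}
sample_full_chain() {
    printf '%s\n' 'Certificate chain' ' 0 s:CN = workbench.example.com' \
        '   i:CN = Example Intermediate CA' ' 1 s:CN = Example Intermediate CA' \
        '   i:CN = Example Root CA' '---' 'Verify return code: 0 (ok)'
}
sample_leaf_only() {
    printf '%s\n' 'Certificate chain' ' 0 s:CN = workbench.example.com' \
        '   i:CN = Example Intermediate CA' '---' \
        'Verify return code: 21 (unable to verify the first certificate)'
}
# Live use (HOST is a placeholder):
#   openssl s_client -connect HOST:443 -servername HOST -showcerts </dev/null 2>/dev/null | check_chain
for s in sample_full_chain sample_self_signed sample_leaf_only; do
    printf '%-20s ' "$s"; "$s" | check_chain || true
done
```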