Overview

From time to time you (the supplier) may notify Unimarket or your customers that you are updating an expiring SSL certificate used by your punchout (roundtrip) or order integration. Please note that certificates do not need to be manually shared with Unimarket if your server is configured correctly because intermediate web certificates are dynamically served, removing the need for manual configuration.

If you experience problems, then we have outlined a common issue below, together with a testing tool.

Common Supplier Configuration Issue

A common supplier configuration problem can occur when deploying a server with a valid certificate, but without all the necessary intermediate certificates installed. An invalid certificate chain effectively renders the server certificate invalid and results in browser warnings. This problem is often difficult to diagnose because some web browsers can reconstruct incomplete chains and some cannot. All browsers tend to cache and reuse intermediate certificates which also leads to issues.

To avoid this situation, we suggest that you use all the certificates provided by your Certificate Authority (CA).

You can check your configuration by visiting SSL labs tool here: https://globalsign.ssllabs.com/analyze.html. This tool checks many aspects of an SSL configuration and assigns the configuration an overall score. The report produced by SSL labs has many useful details and we recommend you aim for a B or higher rating. The key section is titled 'Additional Certificates (if supplied)'. If the ssllabs tool identifies any issues with the certificate chain, Unimarket will not perform manual configuration to work around such misconfigurations. However, if SSLlabs reports there are no configuration issues and the SSL is still not working and impacting connectivity, please contact us at support@unimarket.com.