I am using Godaddy cert, normally I would concat the cert and make into a chained cert
cat www.example.com.crt sf_bundle.crt > chained.cert
And in my nginx.conf,
ssl_certificate chained.cert
In the browser I see the chain as below:
www.example.com
Starfield Secure Certification Authority
Starfield Technologies Inc.
That is fine, everything is working.
Today, I read a blog post form CloudFlare [1], it said:
The lowest hanging fruit in terms of reducing
the size of these certificates was to remove the
root certificates from the certificate bundle.
There's no reason to include these since they should already be
present in browsers and, even if they're not, the browser won't trust them.
So, does it mean I can remove the Starfield Technologies Inc.
without affecting the validaity of my SSL cert and I can have a better performance?
[1] http://blog.cloudflare.com/what-we-just-did-to-make-ssl-even-faster