Chained SSL/TLS Certificates: Expiration Shows "Could not determine expiration" and Certificate Details Are Unclear #3363
Description
What problem will this feature address?
When a chained TLS certificate (a PEM bundle containing the leaf certificate followed by one or more intermediate CA certificates) is uploaded, Dokploy displays:
"Could not determine expiration"
instead of showing the actual expiration date of the leaf certificate. Additionally, the certificate details view only shows a generic title (e.g., filename or label) and omits essential information such as:
- Common Name (CN)
- Subject Alternative Names (SANs)
- Issuer
- Chain structure or number of certificates
This makes it difficult to validate or manage custom or enterprise-issued certificates.
To Reproduce
- Create a PEM file with a full chain:
-----BEGIN CERTIFICATE----- (your leaf/server certificate) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (intermediate CA certificate) -----END CERTIFICATE----- - Upload it via the Certificates section in the Dokploy UI.
- Observe that the expiration field shows: "Could not determine expiration".
- Notice that no detailed metadata (CN, SANs, etc.) is displayed—only a basic label.
Screenshot
Describe the solution you'd like
- Dokploy should parse the first certificate in the PEM bundle (the leaf cert) and correctly extract and display its
Not After(expiration) date. - The certificate detail panel should show meaningful fields, including:
- Common Name
- SANs
- Validity period (start and end)
- Indicator that a chain is present (e.g., “2 certificates loaded”)
Describe alternatives you've considered
Additional context
This issue impacts users who use private CAs, internal PKI, or certificates that require intermediate bundles (common in enterprise environments). The underlying certificate parser likely fails to isolate the leaf certificate when multiple -----BEGIN CERTIFICATE----- blocks are present.
Dokploy version: 0.26.2
Will you send a PR to implement it?
Yes