How does an SSL certificate chain bundle work?

情深已故 2020-12-12 20:58

I've created a chain hierarchy like this.

root-ca ==> signing-ca ==> subordinate-ca ==> server

It is mentioned to create chain bu

2 Answers
  • 2020-12-12 21:07

    The original order is in fact backwards. Certs should be followed by the issuing cert until the last cert is issued by a known root, per IETF's RFC 5246 Section 7.4.2:

    This is a sequence (chain) of certificates. The sender's certificate MUST come first in the list. Each following certificate MUST directly certify the one preceding it.

    See also SSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch for troubleshooting techniques.

    But I still don't know why they wrote the spec so that the order matters.

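An added example (not part of either answer or of the original page) that applies the RFC 5246 Section 7.4.2 ordering rule quoted above to the hierarchy from the question. It is a simplified model: certificates are reduced to subject and issuer names, no signatures are checked, and `Cert`, `BUNDLE`, `first_violation` and `order_chain` are hypothetical names chosen for illustration.

```python
from typing import NamedTuple

class Cert(NamedTuple):
    subject: str
    issuer: str

# Constructed sample: the question's hierarchy, listed root-first (the "backwards" order).
BUNDLE = [
    Cert("root-ca", "root-ca"),
    Cert("signing-ca", "root-ca"),
    Cert("subordinate-ca", "signing-ca"),
    Cert("server", "subordinate-ca"),
]

def first_violation(chain):
    """Index of the first cert not certified by the one after it, or None if the order is valid."""
    for i in range(len(chain) - 1):
        if chain[i].issuer != chain[i + 1].subject:
            return i
    return None

def order_chain(certs, include_root=False):
    """Return certs leaf-first; raise ValueError if they do not form a single chain."""
    by_subject = {c.subject: c for c in certs}
    if len(by_subject) != len(certs):
        raise ValueError("duplicate subject in bundle")
    # The leaf is the only certificate that issued nothing else in the bundle.
    issuers = {c.issuer for c in certs if c.issuer != c.subject}
    leaves = [c for c in certs if c.subject not in issuers]
    if len(leaves) != 1:
        raise ValueError(f"expected exactly one leaf, found {[c.subject for c in leaves]}")
    chain = [leaves[0]]
    while chain[-1].issuer != chain[-1].subject and chain[-1].issuer in by_subject:
        nxt = by_subject[chain[-1].issuer]
        if nxt in chain:
            raise ValueError("issuer loop")
        chain.append(nxt)
    if len(chain) != len(certs):
        raise ValueError("bundle contains certificates outside the chain")
    # RFC 5246 7.4.2 allows the self-signed root to be omitted from the chain.
    if not include_root and chain[-1].issuer == chain[-1].subject:
        chain.pop()
    return chain

if __name__ == "__main__":
    print("first violation in root-first bundle:", first_violation(BUNDLE))
    print("leaf-first order:", [c.subject for c in order_chain(BUNDLE)])
```

A real check would compare the DER-encoded issuer and subject names and verify each signature rather than matching strings.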
  • 2020-12-12 21:16

    You need to use the openssl pkcs12 -export -chain -in server.crt -CAfile ...

    See https://www.openssl.org/docs/apps/pkcs12.html
