By the way, did you import the CA_chain.pem
in the browsers?
I thought the browser only needs to have the self-signed
root CA. If I have intermediate.pem installed,
then of course things go as expected; but this should be
a certificate chain as provided by Apache.
Apache does provide the certificate chain to the
client/browser, but the client/browser needs something to
compare it against; otherwise, how is it going to know whether to
trust it or not?
issuer.pem is installed in the browser. It's provided by the root
CA.
Apache should (and it does) send both intermediate.pem and
server.pem so the client can link to the chain.
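
The exchange above turns on what the client must have installed versus what the server sends. As an added example (not part of the original thread), this script builds a throwaway three-level PKI using the thread's file names and checks both cases with `openssl verify`, where `-CAfile` stands for the client's trust store and `-untrusted` for certificates sent by the server. The subject names, `pki.cnf` and the function names are assumptions of the example.

```shell
#!/bin/sh
# Constructed throwaway PKI. File names follow the thread:
# issuer.pem = self-signed root, intermediate.pem, server.pem.
build_chain() (
    cd "$1" || exit 1
    # Minimal config (assumption of this example): marks CA certs as CA:TRUE.
    cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # Root CA: self-signed, the only certificate the client installs.
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config pki.cnf \
        -subj "/CN=Demo Root CA" -keyout issuer.key -out issuer.pem &&
    # Intermediate CA: signed by the root.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=Demo Intermediate CA" -keyout int.key -out int.csr &&
    openssl x509 -req -in int.csr -CA issuer.pem -CAkey issuer.key \
        -set_serial 2 -days 2 -extfile pki.cnf -extensions v3_ca \
        -out intermediate.pem &&
    # Server certificate: signed by the intermediate.
    openssl req -new -newkey rsa:2048 -nodes -config pki.cnf \
        -subj "/CN=www.example.test" -keyout server.key -out server.csr &&
    openssl x509 -req -in server.csr -CA intermediate.pem -CAkey int.key \
        -set_serial 3 -days 2 -out server.pem
) >/dev/null 2>&1

# Client trusts only the root; server sent server.pem plus intermediate.pem.
verify_with_chain() {
    openssl verify -CAfile "$1/issuer.pem" \
        -untrusted "$1/intermediate.pem" "$1/server.pem"
}

# Same trust store, but the server sent only server.pem.
verify_leaf_only() {
    openssl verify -CAfile "$1/issuer.pem" "$1/server.pem"
}

d=$(mktemp -d) && build_chain "$d" || exit 1
verify_with_chain "$d" && echo "root-only trust store + sent chain: accepted"
verify_leaf_only "$d" || echo "root-only trust store + leaf only: rejected"
rm -rf "$d"
```
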