On 05.12.2015 20:20, Viktor Dukhovni wrote:
> On Sat, Dec 05, 2015 at 07:55:50PM +0100, Walter H. wrote:
>
>> my website has an official SSL certificate, which I renewed this year to
>> have a SHA-256 certificate;
>> when I test my site with SSLLabs.com, I'm shown two certificate paths:
>>
>> the first one:
>> my SSL cert (SHA-256) sent by server
>> the intermediate (SHA-256) sent by server (SHA1 Fingerprint:
>> 064969b7f4d6a74fd098be59d379fae429a906fb)
>> the self-signed (SHA-256) in trust store (SHA1 Fingerprint:
>> a3f1333fe242bfcfc5d14e8f394298406810d1a0)
> All this obfuscation is rather pointless (and annoying), please
> just post the certificates.

take these examples

https://www.ssllabs.com/ssltest/analyze.html?d=fibot.creditplus.de
https://www.ssllabs.com/ssltest/analyze.html?d=sixxs.net

they both have two certificate paths; especially the one of sixxs.net would be
interesting if someone can explain: one path has 3 certs and the other path
4 certs ...

>> now my question how would it be possible to generate a SSL certificate that
>> can be used with two different certificate paths?
> There are two versions of one of the issuer certificates.

the certificate that issued the SSL cert. is the same in both samples above;
only the root CA cert is different, how would I generate such a situation?
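
One way to reproduce a 3-cert and a 4-cert path for the same server certificate with a throwaway PKI, as an added example that is not part of the original message. It assumes the situation comes from a CA that exists in two versions (self-signed, and cross-signed by an older root with the same subject and key); all names, files and helper functions are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: every name and file here is made up for illustration.
mkcsr() {   # $1 = file stem, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}
issue() {   # $1 = subject stem, $2 = issuer stem, $3 = ext file, $4 = output, $5 = serial
    openssl x509 -req -sha256 -days 30 -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -set_serial "$5" -extfile "$3" -out "$4" 2>/dev/null
}
build_pki() (   # $1 = empty working directory
    cd "$1" || exit 1
    echo 'basicConstraints=critical,CA:TRUE' > ca.ext
    echo 'basicConstraints=CA:FALSE' > leaf.ext
    mkcsr rootA "Demo Old Root A" && mkcsr rootB "Demo New Root B" &&
    mkcsr int "Demo Issuing CA" && mkcsr leaf "www.example.test" || exit 1
    # Self-signed versions of both roots (what a trust store would hold).
    for r in rootA rootB; do
        openssl x509 -req -sha256 -days 30 -in "$r.csr" -signkey "$r.key" \
            -extfile ca.ext -out "$r.pem" 2>/dev/null || exit 1
    done
    # Second version of Root B: same subject and key, but issued by Root A.
    issue rootB rootA ca.ext rootB-cross.pem 1 &&
    issue int rootB ca.ext int.pem 2 &&
    issue leaf int leaf.ext leaf.pem 3 &&
    cat int.pem rootB-cross.pem > untrusted.pem
)
# 3 certs: leaf -> issuing CA -> self-signed Root B (only Root B is trusted).
verify_short() ( cd "$1" && openssl verify -CAfile rootB.pem -untrusted int.pem leaf.pem >/dev/null 2>&1 )
# 4 certs: leaf -> issuing CA -> cross-signed Root B -> Root A (only Root A is trusted).
verify_long() ( cd "$1" && openssl verify -CAfile rootA.pem -untrusted untrusted.pem leaf.pem >/dev/null 2>&1 )

demo_dir=$(mktemp -d) && build_pki "$demo_dir" &&
    verify_short "$demo_dir" && verify_long "$demo_dir" && echo "both paths verify"
```

The leaf and the issuing CA certificate are byte-for-byte the same in both paths; only the certificate presented for "Demo New Root B" differs, and the server would send the cross-signed one as an extra chain certificate.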