For When You Can't Have The Real Thing
[ start | index | login ]
start > SSL Certificate Bundles

SSL Certificate Bundles

Created by dave. Last edited by dave, 269 days ago. Viewed 306 times. #1
[edit] [rdf]

Creating Certificate Bundles With CA Intermediate Certificates

the order of certificates in the file is important. RFC 4346 for TLS 1.1 states:

This is a sequence (chain) of X.509v3 certificates. The sender's certificate must come first in the list. Each following certificate must directly certify the one preceding it.

Thus the order is:

  1. Your domain's certificate
  2. Vendor's intermediate certificate that certifies (1)
  3. Vendor's intermediate certificate that certifies (2)
… n. Vendor's root certificate that certifies (n-1). Optional, because it should be contained in client's CA store.
no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful: | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt