Re: CA and Intermediate Certificates
Andrew Devenish-Meares <firstname.lastname@example.org> writes:
> We're currently starting to migrate our certificates to AusCERT, as we
> get a good deal as a University. AusCERT is an intermediate CA, so
> we need to use a chain to get this to work.
> This means that we need to install the intermediate certificate on
> clients that connect to our LDAP using SSL or TLS. Admittedly this
> isn't vastly different to what we need to do now in supplying our own CA.
You have to put the chain leading to the well-known root CA into your
server certificate file:
[your server cert]
[the intermediate certificate (issuer of your server cert)]
[possible other intermediate certificate (issuer of your intermediate cert)]
You may include the well-known root CA at the end (as the final issuer),
but that is not necessary, as that certificate must be present and
trusted on the client systems anyway.
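
The ordering described in the reply above (server certificate first, then each issuer in turn) can be checked before the file is deployed. The script below is an added example, not part of the original message: it assumes the `openssl` command-line tool is installed, and the function names, file names and certificate subjects are constructed for illustration.

```shell
#!/bin/sh
# Added example. Usage with your own files:
#   cat srv.pem int.pem > bundle.pem && check_chain_order bundle.pem

# Create a constructed root -> intermediate -> server chain in directory $1
# (throwaway keys, made-up subjects; only used to try the check below).
make_demo_chain() {
    ( cd "$1" &&
      printf 'basicConstraints=CA:TRUE\n' > ca.ext &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
          -subj "/CN=Constructed Root CA" -keyout root.key -out root.pem &&
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=Constructed Intermediate CA" -keyout int.key -out int.csr &&
      openssl x509 -req -days 2 -in int.csr -CA root.pem -CAkey root.key \
          -set_serial 2 -extfile ca.ext -out int.pem &&
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/CN=ldap.example.org" -keyout srv.key -out srv.csr &&
      openssl x509 -req -days 2 -in srv.csr -CA int.pem -CAkey int.key \
          -set_serial 3 -out srv.pem
    ) >/dev/null 2>&1
}

# Succeed only if every certificate in PEM bundle $1 names the certificate
# that follows it as its issuer. Returns 1 on a wrong order, 2 on bad input.
check_chain_order() {
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: 1.pem, 2.pem, ...
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }' "$1"
    if [ ! -f "$tmp/1.pem" ]; then rm -rf "$tmp"; return 2; fi
    i=1 rc=0
    while [ -f "$tmp/$((i + 1)).pem" ]; do
        # Issuer name of cert i must equal subject name of cert i+1.
        issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/$i.pem") || rc=2
        next=$(openssl x509 -noout -subject_hash -in "$tmp/$((i + 1)).pem") || rc=2
        if [ "$issuer" != "$next" ]; then
            echo "certificate $i is not issued by certificate $((i + 1))" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return $rc
}
```

This compares issuer and subject names only, so it catches a misordered or incomplete file but does not validate signatures; `openssl verify -CAfile root.pem -untrusted int.pem srv.pem` performs the full path check against the root.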