[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: CA and Intermediate Certificates



--On Thursday, August 14, 2014 12:52 PM -0700 Chris Jacobs <Chris.Jacobs@apollo.edu> wrote:

It's a matter of preference.
Those 'huge clunky files' are easy to parse from the command line. When
it's time to renew the cert, I can simply update the parts that were
updated (usually just the host cert) rather than having to generate a new
hash.

I understand where you're coming from, but I prefer this way. It really
is easier to trace/fix/replace.

Or perhaps I'm misunderstanding you.

You don't hash host certs at all. Just CA certs. Unless the CA redoes its cert chain, you don't have to do anything when updating the host cert.

--Quanah


--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration