On 2014-06-02 at 11:36 -0600, The Doctor, 3328-138 Ave Edmonton AB T5Y 1M4, 669-2000, 473-4587 wrote:
> Question:
>
> I have an intermediate cert and the 'actual' cert to install.
>
> What is the corrrect directive / protocol ?
----------------------------8< cut here >8------------------------------
41.13 Certificate chains
------------------------
The file named by tls_certificate may contain more than one certificate. This
is useful in the case where the certificate that is being sent is validated by
an intermediate certificate which the other end does not have. Multiple
certificates must be in the correct order in the file. First the host's
certificate itself, then the first intermediate certificate to validate the
issuer of the host certificate, then the next intermediate certificate to
validate the issuer of the first intermediate certificate, and so on, until
finally (optionally) the root certificate. The root certificate must already be
trusted by the recipient for validation to succeed, of course, but if it's not
preinstalled, sending the root certificate along with the rest makes it
available for the user to install if the receiving end is a client MUA that can
interact with a user.
----------------------------8< cut here >8------------------------------
--
My employer, Apcera Inc, is hiring sysadmin; primarily San Francisco:
http://www.apcera.com/jobs/#operations-engineer
(but all the mistakes in this email are made in my personal capacity)
