| title | tags | date | aliases | canonicalURL | summary |
| --- | --- | --- | --- | --- | --- |
| Certificates chain correct order | Certificates, OpenSSL, Quick Note, TLS | 2022-08-04T09:35:07.590872+00:00 | /certificates-chain-correct-order | /certificates-chain-correct-order | Certificates in a chain file should start with the “final” certificate (the cert issued to you). Each following certificate should be the issuer of the previous one. |

Living up to the name of this blog, here's a very quick note for my future self.

Certificates in a chain file should start with the "final" certificate (the cert issued to you). Each following certificate should be the issuer of the previous one.

```text
-----BEGIN CERTIFICATE-----
... # 0
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
... # 1
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
... # 2
-----END CERTIFICATE-----
```

```shell
$ openssl storeutl -certs -noout -text gabnotes.org.crt | grep -E "Certificate:|: Certificate|Issuer:|Subject:"
0: Certificate
Certificate:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Subject: CN=gabnotes.org
1: Certificate
Certificate:
        Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        Subject: C=US, O=Let's Encrypt, CN=R3
2: Certificate
Certificate:
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
```
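
An added example (not part of the original post): a standard-library Python check that reads a PEM chain file and reports every position where the next certificate's subject is not the previous certificate's issuer. The function names and the sample input are assumptions made for this example. The sample is constructed skeleton DER carrying only common names taken from the output above, and the comparison is on raw Name bytes, so it checks ordering only, not signatures.

```python
import base64
import re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, off):
    """Decode the DER header at off; return (tag, value_start, value_end)."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    return tag, off, off + length

def issuer_subject(der_bytes):
    """Return the raw DER issuer and subject Names of one certificate."""
    off = tlv(der_bytes, 0)[1]       # enter Certificate SEQUENCE
    off = tlv(der_bytes, off)[1]     # enter TBSCertificate SEQUENCE
    if der_bytes[off] == 0xA0:       # optional [0] version
        off = tlv(der_bytes, off)[2]
    fields = []
    for _ in range(5):               # serialNumber, signature, issuer, validity, subject
        end = tlv(der_bytes, off)[2]
        fields.append(der_bytes[off:end])
        off = end
    return fields[2], fields[4]

def chain_breaks(pem_bytes):
    """Indexes i where certificate i+1 is not the issuer of certificate i."""
    names = [issuer_subject(base64.b64decode(b)) for b in PEM_CERT.findall(pem_bytes)]
    return [i for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]

# Constructed sample input: skeleton certificates with names only, no keys or signatures.
def der(tag, *parts):
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body  # short-form length, enough for the sample

def name(cn):
    attr = der(0x30, der(0x06, b"\x55\x04\x03"), der(0x0C, cn.encode()))  # CN=<cn>
    return der(0x30, der(0x31, attr))

def sample_pem(subject, issuer):
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), der(0x30),
              name(issuer), der(0x30), name(subject))
    b64 = base64.encodebytes(der(0x30, tbs))
    return b"-----BEGIN CERTIFICATE-----\n" + b64 + b"-----END CERTIFICATE-----\n"

CHAIN = [("gabnotes.org", "R3"), ("R3", "ISRG Root X1"), ("ISRG Root X1", "DST Root CA X3")]
GOOD = b"".join(sample_pem(s, i) for s, i in CHAIN)                       # leaf first
BAD = b"".join(sample_pem(s, i) for s, i in (CHAIN[0], CHAIN[2], CHAIN[1]))  # swapped
```

`chain_breaks(open("gabnotes.org.crt", "rb").read())` returns an empty list for a correctly ordered file; a non-empty list names the positions to reorder.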