title: Certificates chain correct order
tags: Certificates, OpenSSL, Quick Note, TLS
date: 2022-08-04T09:35:07.590872+00:00
aliases: /certificates-chain-correct-order

Living up to the name of this blog, here's a very quick note for my future self.

Certificates in a chain file should start with the "final" certificate (the cert issued to you). Each following certificate should be the issuer of the previous one.

```text
-----BEGIN CERTIFICATE-----
... # 0
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
... # 1
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
... # 2
-----END CERTIFICATE-----
```

```console
$ openssl storeutl -certs -noout -text gabnotes.org.crt | grep -E "Certificate:|: Certificate|Issuer:|Subject:"
0: Certificate
Certificate:
        Issuer: C=US, O=Let's Encrypt, CN=R3
        Subject: CN=gabnotes.org
1: Certificate
Certificate:
        Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
        Subject: C=US, O=Let's Encrypt, CN=R3
2: Certificate
Certificate:
        Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
        Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
```
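The ordering rule can be checked mechanically by comparing each certificate's Issuer with the Subject of the one that follows it. The script below is an added example, not part of the original post; the function names `check_chain_order`, `sample_ordered` and `sample_swapped` are made up here, and the swapped sample is constructed from the output shown above.

```shell
# Reads `openssl storeutl -certs -noout -text FILE` output on stdin and compares names only
# (no signature check). Exit status: 0 ordered, 1 out of order, 2 no certificate found.
check_chain_order() {
    awk '
        BEGIN { n = 0 }
        { sub(/[ \t\r]+$/, "") }    # drop trailing blanks and CR
        /^[ \t]*Issuer:/  { sub(/^[ \t]*Issuer:[ \t]*/, "");  issuer[n] = $0; next }
        /^[ \t]*Subject:/ { sub(/^[ \t]*Subject:[ \t]*/, ""); subject[n++] = $0; next }
        END {
            if (n == 0) { print "no certificate found"; exit 2 }
            for (i = 0; i + 1 < n; i++)    # the last issuer may be a root left out of the file
                if (issuer[i] != subject[i + 1]) {
                    printf "cert %d: issuer \"%s\" != cert %d subject \"%s\"\n", i, issuer[i], i + 1, subject[i + 1]
                    exit 1
                }
            print n " certificates, order OK"
        }'
}

# Issuer/Subject lines taken from the output shown in the post.
sample_ordered() {
    cat <<'EOF'
Issuer: C=US, O=Let's Encrypt, CN=R3
Subject: CN=gabnotes.org
Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Subject: C=US, O=Let's Encrypt, CN=R3
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
EOF
}

# Constructed sample: the same lines with certificates 1 and 2 swapped.
sample_swapped() {
    cat <<'EOF'
Issuer: C=US, O=Let's Encrypt, CN=R3
Subject: CN=gabnotes.org
Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3
Subject: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Issuer: C=US, O=Internet Security Research Group, CN=ISRG Root X1
Subject: C=US, O=Let's Encrypt, CN=R3
EOF
}

# With a file argument, check that chain file; otherwise run on the post's sample.
if [ "$#" -gt 0 ]; then
    openssl storeutl -certs -noout -text "$1" | check_chain_order
else
    sample_ordered | check_chain_order
fi
```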