[ale] SSL Certificates

Michael H. Warfield mhw at WittsEnd.com
Thu Sep 20 17:16:15 EDT 2012


On Thu, 2012-09-20 at 16:25 -0400, Ben Coleman wrote:
> I've played with the free StartCom Level 1, but have been a little put
> off by having to put intermediate certificates in the browser or email
> client to have the certificates recognized.  Is this also true at Level
> 2, or is there a way around it?

1) Yes, this is the norm.  Intermediate certs are not part of the
intrinsic root store.  The CAs are free to expire and rotate their
intermediate certs as they wish and they deliver those certs out with
the certs they sign.  If you received an intermediate cert for a cert
you received from a CA, then you ARE expected to install that cert along
with your cert.

2) The intermediate certs should be installed wherever the certificate
is served from.  You should not have to install them in the browser;
they should be served from the web server.  If you're using them for
S/MIME e-mail then you probably need to install them on your MUA where
you are generating the S/MIME messages.

> Ben

Regards,
Mike
-- 
Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
   /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
   NIC whois: MHW9          | An optimist believes we live in the best of all
 PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!