Differences
This shows you the differences between two versions of the page.
en:certificates [2017/12/04 15:47] – Silke Meyer | en:certificates [2017/12/04 15:51] – [The SSL certificate chain on your webserver] Silke Meyer | ||
---|---|---|---|
Line 44: | Line 44: | ||
* You need a file containing the private key. On a linux machine, it should be something like / | * You need a file containing the private key. On a linux machine, it should be something like / | ||
* Create a third file containing the complete chain, e.g. / | * Create a third file containing the complete chain, e.g. / | ||
- | * the server certificate | + | |
- | | + | * one or more matching intermediate certificates |
- | | + | * the CA's root certificate |
These certificates are appended to the file in this order. You may add comments in between (beginning with a "#" | These certificates are appended to the file in this order. You may add comments in between (beginning with a "#" | ||
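Review bot: On the list of chain-file contents, the item "the CA's root certificate" needs a reason or a caveat. Clients validate against the root in their own trust store, so a root sent by the server adds handshake bytes without adding trust. Suggest stating whether the root is actually required for this setup. The "-" side also shows "the server certificate" against an empty "+" cell, so confirm the first entry still appears in the new list, because the following line says the certificates are appended "in this order".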
Line 55: | Line 55: | ||
6ded7378 | 6ded7378 | ||
</ | </ | ||
- | * Check the hash of the first intermediate certificate. | + | * Check the hash of the first intermediate certificate. |
< | < | ||
$ openssl x509 -in intermediate1.pem -noout -hash | $ openssl x509 -in intermediate1.pem -noout -hash | ||
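Review bot: The check on the intermediate line, "openssl x509 -in intermediate1.pem -noout -hash", compares subject-name hashes only, so it shows that the names line up but not that each signature verifies. Suggest adding an "openssl verify" step over the assembled chain after the hash comparison, with the intermediates passed as -untrusted, so that an intermediate with the right name but the wrong key is caught.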
Line 67: | Line 67: | ||
If there is another intermediate certificate, | If there is another intermediate certificate, | ||
- | If you use the Apache webserver, point the SSLCACertificateFile directive to your chain file. (See the example configuration on [[de: | + | If you use the Apache webserver, point the SSLCACertificateFile directive to your chain file. (See the example configuration on [[de: |
Once you have added you certificate chain, adapted your configuration and activated it you can verify it with OpenSSL: | Once you have added you certificate chain, adapted your configuration and activated it you can verify it with OpenSSL: | ||
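Review bot: In the changed Apache sentence, SSLCACertificateFile is the mod_ssl directive for the CAs used to verify client certificates. The chain a server presents is normally configured with SSLCertificateChainFile, or on Apache 2.4.8 and later by appending the intermediates to the file named in SSLCertificateFile. Suggest naming that directive here, or explaining why SSLCACertificateFile is intended. The context line that follows also reads "added you certificate chain", which should be "added your certificate chain".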
Line 73: | Line 73: | ||
$ openssl s_client -connect idp.domain.tld: | $ openssl s_client -connect idp.domain.tld: | ||
</ | </ | ||
- | Below you can the answer of dfn.de' | + | Below you can see the answer of dfn.de' |
**Next step:** [[en: | **Next step:** [[en: |