Differences

This shows you the differences between two versions of the page.

ssl:openssl [2017/02/20 16:25] niziakssl:openssl [2025/01/11 14:19] (current) niziak
Line 1: Line 1:
 +====== OpenSSL ======
 +
 ====== RSA keys ====== ====== RSA keys ======
 <code bash>openssl genrsa -des3 -out private.pem 2048</code> <code bash>openssl genrsa -des3 -out private.pem 2048</code>
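Review bot: the added `====== OpenSSL ======` title at the top of this hunk uses the same six-equals level as the existing `====== RSA keys ======` heading directly below it, so the page ends up with two top-level headings and the RSA keys section does not nest under the new title in the table of contents. Either demote the existing section headings one level (for example `===== RSA keys =====`) or drop the new title if the page name already serves as one. Separately, the unchanged `genrsa` line in the context still encrypts the private key with `-des3`; since this revision touches the top of the page, `-aes256` would be the better cipher to show there.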
Line 54: Line 56:
  
 === Server certificate chain === === Server certificate chain ===
 +
 +[[https://www.rfc-editor.org/rfc/rfc4346#section-7.4.2|RFC 4346]]
 +<code>
 +  certificate_list
 +    This is a sequence (chain) of X.509v3 certificates.  The sender's
 +    certificate must come first in the list.  Each following
 +    certificate must directly certify the one preceding it.  Because
 +    certificate validation requires that root keys be distributed
 +    independently, the self-signed certificate that specifies the root
 +    certificate authority may optionally be omitted from the chain,
 +    under the assumption that the remote end must already possess it
 +    in order to validate it in any case.
 +</code>
 +
 +
 It is required to put not only site certificate in your web server configuration, but also provide intermediate certificate chain. It is required to put not only site certificate in your web server configuration, but also provide intermediate certificate chain.
 If your server certificate is in PEM format (text), additional certificates can be simply concatenated. If your server certificate is in PEM format (text), additional certificates can be simply concatenated.
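Review bot: the link added above the quote cites RFC 4346, which is the TLS 1.1 specification and was obsoleted by RFC 5246 (TLS 1.2); the same certificate_list rule appears in RFC 5246 section 7.4.2, so the reference should point there, with the section number in the link label so readers can see what is being quoted. The quote also states an ordering rule (sender's certificate first, each following certificate certifying the one before it, root optionally omitted) that the unchanged sentence "additional certificates can be simply concatenated" does not mention; add a sentence after it saying the concatenated PEM file must follow that order, site certificate first and then the intermediates.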