PKI certificate hierarchy

596
sweb

I am following https://jamielinux.com/docs/openssl-certificate-authority/index.html and, after creating the root and intermediate CA, I have the chain file hierarchy like everyone else here.

Here is an example of the expected hierarchy:

enter image description here

  • Root CA creation
  • Intermediate CA, created and signed by the root CA
  • Domain certificate, created by the intermediate.

Create the certificate chain file: https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html#create-the-certificate-chain-file

But after importing `ca-chain.cert.pem`, which contains the intermediate and the root (in exactly this order), via Firefox, it just imports the intermediate.

enter image description here

enter image description here

After the import into the browser the website works fine, but there is no root in the hierarchy. Only the intermediate and the website certificate.

Even after importing the root CA, the certificate does not have the hierarchy as expected. What did I miss?

Root CA:

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f1:61:fb:1e:9e:12:3d:1a
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan 1 00:00:00 2018 GMT
            Not After : Jan 1 00:00:00 2058 GMT
        Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Issuer Alternative Name:
                <EMPTY>
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
```

Intermediate CA:

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan 1 00:00:00 2018 GMT
            Not After : Jan 1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
```

Chain CA:

```
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan 1 00:00:00 2018 GMT
            Not After : Jan 1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
```
0
`openssl x509 -noout -text -in ` gives you a better view of your certificates than an image. Copy the output for all of your certificates into your question. garethTheRed 5 years ago 1
@garethTheRed added. sweb 5 years ago 0
You add only the root CA certificate to Firefox (or another browser and/or operating system). All other certificates are added to the bundle: the end entity first, followed by the CA that signed it, followed by the CA that signed that one, up to the last intermediate CA. There is no need to add the root CA here, since it is installed in Firefox (or similar). This bundle is then installed on your web server. garethTheRed 5 years ago 2

1 answer to the question

0
sweb

The HTTP server must have a chain of `domain` and `intermediate` as the chain of a server-side certificate.

```
cat certs/intermediate/certs/domain.cert.pem \
    certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem
```

That is not documented.
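
Added example (not from the original post or the linked guide): a throwaway three-level PKI built with the `openssl` CLI. It shows that a client trusting only the root accepts the domain certificate when the server sends domain + intermediate and rejects it when the server sends the domain certificate alone, and that `openssl x509` prints only the first certificate of a chain file. All subjects, file names and function names are constructed, and an installed `openssl` is assumed.

```shell
#!/bin/sh
# Throwaway three-level PKI; every name and path here is constructed.
make_pki() { # make_pki <dir>
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[root_ca]
basicConstraints = critical, CA:TRUE
[int_ca]
basicConstraints = critical, CA:TRUE, pathlen:0
[leaf]
basicConstraints = CA:FALSE
EOF
  # Root: self-signed, the only certificate that goes into the browser trust store.
  openssl req -x509 -config "$d/pki.cnf" -extensions root_ca -newkey rsa:2048 \
    -nodes -days 30 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
  issue "$d" intermediate "/CN=Demo Intermediate CA" root int_ca &&
  issue "$d" domain "/CN=www.example.test" intermediate leaf || return 1
  # ca-chain as in the question: intermediate first, then root.
  cat "$d/intermediate.pem" "$d/root.pem" > "$d/ca-chain.pem"
  # Server bundle as in the answer: domain certificate first, then intermediate.
  cat "$d/domain.pem" "$d/intermediate.pem" > "$d/webserver.pem"
}
# issue <dir> <name> <subject> <issuer name> <extension section>
issue() {
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -CAcreateserial -days 30 -extfile "$1/pki.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}
# A client that trusts only the root and receives file $2 from the server.
client_accepts() { # client_accepts <dir> <file sent by server>
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2" "$1/domain.pem" 2>&1 |
    grep -q ': OK$'
}
# openssl x509 reads only the first certificate of a multi-certificate PEM file.
shown_by_x509() { openssl x509 -noout -subject -in "$1"; }
cert_count() { grep -c 'BEGIN CERTIFICATE' "$1"; }
```

Run `d=$(mktemp -d); make_pki "$d"` and compare `client_accepts "$d" webserver.pem` with `client_accepts "$d" domain.pem`. `shown_by_x509 "$d/ca-chain.pem"` names only the intermediate, which matches the "Chain CA" dump in the question being identical to the intermediate's.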