PKI certs hierarchy


0

Je suis https://jamielinux.com/docs/openssl-certificate-authority/index.html et après avoir créé la racine et le canal intermédiaire, la chaîne dos dos dosnt a une hiérarchie comme les autres.

Voici l'échantillon de la hiérarchie attendue:

entrez la description de l'image ici

  • Racine ca creation
  • Autorité de certification intermédiaire créée et chantée par la racine ca
  • cert de domaine créé et chanté par intermédiaire.

Créez https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html#create-the-certificate-chain-file

Mais après l’importation ca-chain.cert.pemvia Firefox qui contient intermédiaire et root (exactement cet ordre). Importez juste l’intermédiaire.

entrez la description de l'image ici

entrez la description de l'image ici

Après l’importation dans le navigateur, le site Web fonctionne bien mais il n’ya pas de racine ca dans la hiérarchie. juste intermédiaire puis certification de site Web.

Même après l'importation de la racine ca, le cert ne hiérarchie pas comme je le pensais. Qu'est-ce que j'ai manqué?

Racine ca:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            f1:61:fb:1e:9e:12:3d:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2058 GMT
        Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:dc:20:86:ef:e7:01:fe:a8:6f:72:c1:b0:19:f3:
                    54:4c:36:f8:c9:c3:e9:82:58:e1:40:d0:dc:94:40:
                    7e:81:44:bc:83:a2:60:b0:60:b5:07:db:8a:23:ba:
                    21:d6:b6:9e:72:fd:03:86:6c:87:92:2c:f0:f9:4c:
                    64:e3:42:50:e4:93:ce:49:55:ce:c6:ce:cd:36:af:
                    2f:d2:f8:61:21:92:2e:67:0a:57:13:7f:e5:d6:a0:
                    42:1e:61:46:f2:c5:f3:0d:05:19:09:93:b5:7d:6b:
                    23:d1:a4:ae:9d:e4:22:9e:17:f5:b8:38:11:f6:f7:
                    29:6c:a1:7e:b5:68:34:9d:31:b8:cb:bd:b8:fb:9a:
                    25:f6:96:8b:6b:21:22:38:f0:a6:b4:5a:3a:00:94:
                    f4:de:2c:15:98:b1:82:8b:fa:f2:0e:e8:8e:2e:69:
                    86:0f:f6:f4:82:8d:b5:6f:00:8b:cc:3c:29:b8:2d:
                    fa:03:c2:7f:46:c5:0b:9f:4e:ee:f5:82:d5:b2:9f:
                    29:3b:43:b8:0b:90:05:f6:53:68:be:f2:d2:91:f9:
                    ec:5a:3f:83:d0:0f:49:6a:7f:d9:a3:72:d0:8f:74:
                    a6:4b:c8:31:bd:ac:45:6b:51:c4:46:0d:aa:31:3d:
                    03:bb:fc:7f:50:c6:ec:57:72:84:40:a8:4f:1d:14:
                    b6:4d:30:6c:2f:b1:69:7a:9b:1f:8f:f9:af:a3:00:
                    df:96:df:df:e6:b9:6d:5e:bc:1e:40:e7:ee:fe:18:
                    aa:bb:19:e5:26:9f:79:01:76:06:26:6b:43:cb:15:
                    41:aa:01:19:d9:11:19:7b:df:99:8c:68:8d:4b:a9:
                    76:3b:32:ff:68:4d:5c:0e:5d:c7:5f:ed:1a:20:f4:
                    68:29:0b:21:ac:79:05:9a:57:0a:54:d7:7d:06:83:
                    f9:b5:79:09:65:fa:c2:83:6d:b6:77:3e:e0:b2:ac:
                    15:b4:88:22:95:64:70:27:88:50:2b:e4:2e:6f:df:
                    f1:3c:fa:21:70:c2:bf:54:18:3e:2a:6f:2f:28:0f:
                    d3:83:61:6c:b5:9d:5e:4f:f8:8a:3b:75:ef:e9:97:
                    58:98:2f:31:39:cd:dd:18:ff:fc:ce:d0:83:72:23:
                    4f:e1:66:a4:0b:2a:5d:44:79:e4:7b:6a:67:d5:c5:
                    6a:a7:c9:ff:7e:1c:1b:20:e9:18:ee:69:cd:5b:cb:
                    f1:c3:cd:9e:62:38:f3:b0:f3:70:f8:0e:2f:c9:7b:
                    27:6e:5b:e4:78:b8:a2:b4:5a:26:ff:9f:bd:c6:b1:
                    2d:5b:a4:b3:49:17:24:68:02:be:b9:7e:c3:d5:37:
                    ca:c3:b4:bd:1b:28:fd:70:45:4f:9e:7e:1b:2a:14:
                    3d:cf:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Issuer Alternative Name:
                <EMPTY>

            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         8a:33:b3:59:6d:30:11:d1:df:71:fa:ed:90:02:13:40:84:e0:
         54:3e:88:ce:12:07:c9:29:ce:44:69:c0:e8:d4:90:e3:48:5c:
         0c:6d:4f:c4:d6:af:a3:c5:86:ff:d1:93:8f:9b:b3:5e:8f:37:
         fa:9c:93:cd:a8:0d:71:28:91:fa:06:17:70:a4:be:7a:30:b1:
         76:c3:33:f2:4b:a7:b8:ec:a7:f9:76:e9:08:cb:b3:1b:cd:a5:
         5f:c6:1a:85:7c:76:d4:67:da:d4:80:6d:be:80:4b:5c:f6:d0:
         f8:f5:47:12:73:92:35:86:f2:76:4f:82:2c:e9:ec:1b:bf:5b:
         cb:fa:31:65:41:ad:6f:e6:71:76:76:46:e7:51:b2:d0:fe:77:
         76:2f:49:9d:c2:79:7a:94:9b:a8:42:4e:91:bb:72:60:c6:91:
         e9:e6:cf:59:17:20:75:14:90:42:7c:c9:5d:27:10:b9:81:c0:
         a5:43:3d:0a:e0:c6:ba:7e:e9:9a:98:02:a6:bf:5d:55:2b:31:
         b9:0a:91:d7:f0:28:07:0b:80:e2:1c:0e:5f:c8:f8:88:17:3d:
         8b:b0:b3:df:09:e3:0d:4b:1c:ed:d9:d1:8a:9a:d8:d8:b0:e6:
         bf:9f:1e:14:86:45:47:5a:c5:e3:90:06:b7:0a:72:60:0d:0d:
         2c:bd:ce:19:57:02:09:e0:d8:6e:ed:9a:7e:d6:8d:18:42:fc:
         32:54:88:c1:87:98:0b:7e:ca:dd:9a:3e:d8:5b:00:91:28:ea:
         2b:35:ad:36:6c:9d:e0:cc:41:cd:e9:31:75:ec:2c:e5:5e:24:
         59:cd:f6:cb:14:42:e1:b6:30:84:6e:f2:13:8a:9e:32:0e:34:
         1a:4f:5d:a7:19:67:64:84:29:5f:ec:7e:18:1a:7f:0c:65:6a:
         04:8a:fa:a2:2b:76:ff:1f:c4:0a:5f:1b:df:4e:6b:60:58:ae:
         37:d8:b8:3b:09:fa:34:8e:6a:e2:1c:a5:c6:a5:2c:a1:22:09:
         03:91:b5:16:d6:d5:60:0b:a9:c2:8d:f4:6f:2c:1e:43:60:9d:
         a3:8b:5c:34:ef:89:e5:93:ba:93:f8:92:96:fb:d2:f4:4b:68:
         ca:0a:8c:58:d4:e2:cd:8e:e4:d7:90:1c:79:6f:c7:c2:61:ae:
         e7:52:07:70:e2:d9:b4:59:b2:73:c4:eb:f0:39:09:3f:b3:69:
         c7:2e:29:28:f5:a3:cd:fb:fd:2c:6b:b6:ad:de:f4:86:c4:e7:
         20:e2:fc:37:40:95:b2:11:27:48:3c:3e:1c:f9:bd:fe:d2:56:
         4d:a4:21:9c:85:eb:95:f1:bb:82:72:10:1c:d5:ff:eb:78:eb:
         c7:5c:5f:fd:ec:0c:07:66

CA intermédiaire:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
                    b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
                    98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
                    2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
                    f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
                    94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
                    4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
                    47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
                    12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
                    5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
                    42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
                    07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
                    8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
                    da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
                    d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
                    31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
                    e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
                    c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
                    05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
                    17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
                    4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
                    b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
                    89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
                    15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
                    e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
                    73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
                    8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
                    18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
                    03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
                    e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
                    50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
                    7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
                    3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
                    77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
                    d2:82:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
         3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
         4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
         eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
         c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
         67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
         e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
         73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
         e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
         66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
         75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
         4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
         6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
         ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
         59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
         9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
         5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
         5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
         c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
         9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
         86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
         61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
         2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
         6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
         58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
         f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
         5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
         af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
         1a:d3:32:15:7a:d7:f7:63

Chaîne CA:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4096 (0x1000)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
        Validity
            Not Before: Jan  1 00:00:00 2018 GMT
            Not After : Jan  1 00:00:00 2048 GMT
        Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
                    b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
                    98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
                    2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
                    f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
                    94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
                    4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
                    47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
                    12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
                    5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
                    42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
                    07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
                    8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
                    da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
                    d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
                    31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
                    e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
                    c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
                    05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
                    17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
                    4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
                    b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
                    89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
                    15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
                    e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
                    73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
                    8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
                    18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
                    03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
                    e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
                    50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
                    7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
                    3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
                    77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
                    d2:82:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
            X509v3 Authority Key Identifier:
                keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F

            X509v3 Basic Constraints: critical
                CA:TRUE, pathlen:0
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
    Signature Algorithm: sha256WithRSAEncryption
         d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
         3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
         4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
         eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
         c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
         67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
         e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
         73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
         e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
         66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
         75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
         4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
         6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
         ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
         59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
         9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
         5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
         5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
         c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
         9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
         86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
         61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
         2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
         6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
         58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
         f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
         5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
         af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
         1a:d3:32:15:7a:d7:f7:63

1
openssl x509 -noout -text -in <certificate file>vous donnera une meilleure vue de vos certificats qu'une image. Copiez / collez la sortie de tous vos certificats dans votre question.
garethTheRed

@garethTheRed ajouté.
sweb

2
Vous ajoutez uniquement le certificat de l'autorité de certification racine à Firefox (ou à tout autre navigateur et / ou système d'exploitation). Tous les autres certificats sont d'abord ajoutés à l'entité finale du bundle, suivis de l'autorité de certification qui l'a signée, suivis de l'autorité de certification qui l'a signée, jusqu'à la dernière autorité de certification intermédiaire. Il n'est pas nécessaire d'ajouter l'autorité de certification racine ici, car celle-ci est installée dans Firefox (ou similaire). Cet ensemble est ensuite installé sur votre serveur Web.
garethTheRed

Réponses:


0

Le serveur HTTP doit avoir la chaîne de domainet intermediatecomme chaîne de certificat côté serveur.

cat certs/intermediate/certs/domain.cert.pem \ 
  certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem

Ce n'est pas documenté toi.

En utilisant notre site, vous reconnaissez avoir lu et compris notre politique liée aux cookies et notre politique de confidentialité.
Licensed under cc by-sa 3.0 with attribution required.