Idea ID: 2809064

Check certificate chain on Import

Status : Under Consideration
Under Consideration
See status update history
over 1 year ago

Missing or invalid certificates chains are a common problem.

To make sure the certificate chain is complete on import, AA should verify the chain by using existing root ca certificates. AA should display a warning if the verification fails.

Basic Example:

openssl pkcs12 -in test.p12 -nokeys -cacerts -out intermediate.pem

openssl pkcs12 -in test.p12 -nokeys -out cert.pem

openssl verify -CAfile /etc/ssl/cert.pem -untrusted intermediate.pem cert.pem

Tags:

Labels:

Idea
SSL