PKI certs hierarchy
I followed https://jamielinux.com/docs/openssl-certificate-authority/index.html and after creating the root and intermediate CA, the chain file doesn't have a hierarchy like other CAs.
Here's the sample of the expected hierarchy:
- Root CA creation
- Intermediate CA created and signed by the root CA
- Domain cert created and signed by the intermediate.
Create https://jamielinux.com/docs/openssl-certificate-authority/create-the-intermediate-pair.html#create-the-certificate-chain-file
But after importing ca-chain.cert.pem, which contains the intermediate and root (in exactly this order), via Firefox, it just imports the intermediate.
After importing in the browser the website works well, but there is no root CA in the hierarchy, just the intermediate and then the website certificate.
Even after importing the root CA, the certificate hierarchy is not as I expected.
What did I miss?
Root ca:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:61:fb:1e:9e:12:3d:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2058 GMT
Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:20:86:ef:e7:01:fe:a8:6f:72:c1:b0:19:f3:
54:4c:36:f8:c9:c3:e9:82:58:e1:40:d0:dc:94:40:
7e:81:44:bc:83:a2:60:b0:60:b5:07:db:8a:23:ba:
21:d6:b6:9e:72:fd:03:86:6c:87:92:2c:f0:f9:4c:
64:e3:42:50:e4:93:ce:49:55:ce:c6:ce:cd:36:af:
2f:d2:f8:61:21:92:2e:67:0a:57:13:7f:e5:d6:a0:
42:1e:61:46:f2:c5:f3:0d:05:19:09:93:b5:7d:6b:
23:d1:a4:ae:9d:e4:22:9e:17:f5:b8:38:11:f6:f7:
29:6c:a1:7e:b5:68:34:9d:31:b8:cb:bd:b8:fb:9a:
25:f6:96:8b:6b:21:22:38:f0:a6:b4:5a:3a:00:94:
f4:de:2c:15:98:b1:82:8b:fa:f2:0e:e8:8e:2e:69:
86:0f:f6:f4:82:8d:b5:6f:00:8b:cc:3c:29:b8:2d:
fa:03:c2:7f:46:c5:0b:9f:4e:ee:f5:82:d5:b2:9f:
29:3b:43:b8:0b:90:05:f6:53:68:be:f2:d2:91:f9:
ec:5a:3f:83:d0:0f:49:6a:7f:d9:a3:72:d0:8f:74:
a6:4b:c8:31:bd:ac:45:6b:51:c4:46:0d:aa:31:3d:
03:bb:fc:7f:50:c6:ec:57:72:84:40:a8:4f:1d:14:
b6:4d:30:6c:2f:b1:69:7a:9b:1f:8f:f9:af:a3:00:
df:96:df:df:e6:b9:6d:5e:bc:1e:40:e7:ee:fe:18:
aa:bb:19:e5:26:9f:79:01:76:06:26:6b:43:cb:15:
41:aa:01:19:d9:11:19:7b:df:99:8c:68:8d:4b:a9:
76:3b:32:ff:68:4d:5c:0e:5d:c7:5f:ed:1a:20:f4:
68:29:0b:21:ac:79:05:9a:57:0a:54:d7:7d:06:83:
f9:b5:79:09:65:fa:c2:83:6d:b6:77:3e:e0:b2:ac:
15:b4:88:22:95:64:70:27:88:50:2b:e4:2e:6f:df:
f1:3c:fa:21:70:c2:bf:54:18:3e:2a:6f:2f:28:0f:
d3:83:61:6c:b5:9d:5e:4f:f8:8a:3b:75:ef:e9:97:
58:98:2f:31:39:cd:dd:18:ff:fc:ce:d0:83:72:23:
4f:e1:66:a4:0b:2a:5d:44:79:e4:7b:6a:67:d5:c5:
6a:a7:c9:ff:7e:1c:1b:20:e9:18:ee:69:cd:5b:cb:
f1:c3:cd:9e:62:38:f3:b0:f3:70:f8:0e:2f:c9:7b:
27:6e:5b:e4:78:b8:a2:b4:5a:26:ff:9f:bd:c6:b1:
2d:5b:a4:b3:49:17:24:68:02:be:b9:7e:c3:d5:37:
ca:c3:b4:bd:1b:28:fd:70:45:4f:9e:7e:1b:2a:14:
3d:cf:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Issuer Alternative Name:
<EMPTY>
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
8a:33:b3:59:6d:30:11:d1:df:71:fa:ed:90:02:13:40:84:e0:
54:3e:88:ce:12:07:c9:29:ce:44:69:c0:e8:d4:90:e3:48:5c:
0c:6d:4f:c4:d6:af:a3:c5:86:ff:d1:93:8f:9b:b3:5e:8f:37:
fa:9c:93:cd:a8:0d:71:28:91:fa:06:17:70:a4:be:7a:30:b1:
76:c3:33:f2:4b:a7:b8:ec:a7:f9:76:e9:08:cb:b3:1b:cd:a5:
5f:c6:1a:85:7c:76:d4:67:da:d4:80:6d:be:80:4b:5c:f6:d0:
f8:f5:47:12:73:92:35:86:f2:76:4f:82:2c:e9:ec:1b:bf:5b:
cb:fa:31:65:41:ad:6f:e6:71:76:76:46:e7:51:b2:d0:fe:77:
76:2f:49:9d:c2:79:7a:94:9b:a8:42:4e:91:bb:72:60:c6:91:
e9:e6:cf:59:17:20:75:14:90:42:7c:c9:5d:27:10:b9:81:c0:
a5:43:3d:0a:e0:c6:ba:7e:e9:9a:98:02:a6:bf:5d:55:2b:31:
b9:0a:91:d7:f0:28:07:0b:80:e2:1c:0e:5f:c8:f8:88:17:3d:
8b:b0:b3:df:09:e3:0d:4b:1c:ed:d9:d1:8a:9a:d8:d8:b0:e6:
bf:9f:1e:14:86:45:47:5a:c5:e3:90:06:b7:0a:72:60:0d:0d:
2c:bd:ce:19:57:02:09:e0:d8:6e:ed:9a:7e:d6:8d:18:42:fc:
32:54:88:c1:87:98:0b:7e:ca:dd:9a:3e:d8:5b:00:91:28:ea:
2b:35:ad:36:6c:9d:e0:cc:41:cd:e9:31:75:ec:2c:e5:5e:24:
59:cd:f6:cb:14:42:e1:b6:30:84:6e:f2:13:8a:9e:32:0e:34:
1a:4f:5d:a7:19:67:64:84:29:5f:ec:7e:18:1a:7f:0c:65:6a:
04:8a:fa:a2:2b:76:ff:1f:c4:0a:5f:1b:df:4e:6b:60:58:ae:
37:d8:b8:3b:09:fa:34:8e:6a:e2:1c:a5:c6:a5:2c:a1:22:09:
03:91:b5:16:d6:d5:60:0b:a9:c2:8d:f4:6f:2c:1e:43:60:9d:
a3:8b:5c:34:ef:89:e5:93:ba:93:f8:92:96:fb:d2:f4:4b:68:
ca:0a:8c:58:d4:e2:cd:8e:e4:d7:90:1c:79:6f:c7:c2:61:ae:
e7:52:07:70:e2:d9:b4:59:b2:73:c4:eb:f0:39:09:3f:b3:69:
c7:2e:29:28:f5:a3:cd:fb:fd:2c:6b:b6:ad:de:f4:86:c4:e7:
20:e2:fc:37:40:95:b2:11:27:48:3c:3e:1c:f9:bd:fe:d2:56:
4d:a4:21:9c:85:eb:95:f1:bb:82:72:10:1c:d5:ff:eb:78:eb:
c7:5c:5f:fd:ec:0c:07:66
Intermediate CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
Chain CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
certificate openssl certificate-authority
1
openssl x509 -noout -text -in <certificate file>
will give you a better view of your certificates than an image. Copy/paste the output for all of your certificates into your question.
– garethTheRed
Nov 14 at 19:17
@garethTheRed added.
– sweb
Nov 14 at 19:54
2
You only add the Root CA certificate to Firefox (or any other browser and/or Operating System). All other certificates are added to the bundle end-entity first, followed by the CA that signed it, followed by the CA that signed that, all the way to the last Intermediate CA. There's no need to add the Root CA here as that's installed in Firefox (or similar). This bundle is then installed in your web-server.
– garethTheRed
Nov 14 at 21:14
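The bundle layout described in the last comment, as an added example that is not part of the original thread: it reads the chaining fields out of `openssl x509 -noout -text` dumps, rebuilds the hierarchy from them, and separates what goes into the browser trust store from what the web server should send. Function names are hypothetical, the leaf certificate is constructed, and the links are made by name and key identifier only (no signature is verified).

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    ski: Optional[str]  # X509v3 Subject Key Identifier
    aki: Optional[str]  # X509v3 Authority Key Identifier (keyid form)
    is_ca: bool

    @property
    def self_signed(self) -> bool:
        # Self-issued by name; key identifiers, when both present, must agree.
        same_key = self.aki is None or self.ski is None or self.aki == self.ski
        return self.subject == self.issuer and same_key


def parse_text_dump(text: str) -> Cert:
    """Extract the chaining fields from one `openssl x509 -noout -text` dump."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None

    subject, issuer = grab(r"^\s*Subject:\s*(.+)$"), grab(r"^\s*Issuer:\s*(.+)$")
    if subject is None or issuer is None:
        raise ValueError("not an openssl x509 text dump")
    ski = grab(r"Subject Key Identifier:\s*\n\s*([0-9A-Fa-f:]+)")
    # Accept the key id with or without the "keyid:" prefix.
    aki = grab(r"Authority Key Identifier:\s*\n\s*(?:keyid:)?([0-9A-Fa-f:]+)")
    return Cert(subject, issuer, ski and ski.upper(), aki and aki.upper(),
                "CA:TRUE" in text)


def issued_by(child: Cert, parent: Cert) -> bool:
    """Name chaining plus key-identifier agreement; no signature is verified."""
    if not parent.is_ca or child.issuer != parent.subject:
        return False
    return child.aki is None or parent.ski is None or child.aki == parent.ski


def build_path(leaf: Cert, pool: List[Cert]) -> List[Cert]:
    """Return [leaf, intermediates..., root], whatever order `pool` is in."""
    path = [leaf]
    while not path[-1].self_signed:
        parent = next((c for c in pool
                       if c not in path and issued_by(path[-1], c)), None)
        if parent is None:
            raise ValueError(f"no issuer found for {path[-1].subject!r}")
        path.append(parent)
    return path


def split_for_deployment(path: List[Cert]):
    """Root -> client trust store; everything else -> server bundle, leaf first."""
    root = path[-1] if path[-1].self_signed else None
    return root, [c for c in path if not c.self_signed]


def audit_bundle(bundle: List[Cert]) -> List[str]:
    """List what is wrong with a file intended as the web server's bundle."""
    problems = []
    if bundle and bundle[0].is_ca:
        problems.append("first certificate is a CA, not the end-entity certificate")
    for child, parent in zip(bundle, bundle[1:]):
        if not issued_by(child, parent):
            problems.append(f"{parent.subject!r} did not issue {child.subject!r}")
    problems += [f"root {c.subject!r} belongs in the client trust store"
                 for c in bundle if c.self_signed]
    return problems


def sample_dump(subject, issuer, ski, aki, ca):
    """Constructed input laid out like `openssl x509 -noout -text` output."""
    return (f"Certificate:\n    Data:\n        Issuer: {issuer}\n"
            f"        Subject: {subject}\n        X509v3 extensions:\n"
            f"            X509v3 Subject Key Identifier:\n                {ski}\n"
            f"            X509v3 Authority Key Identifier:\n                keyid:{aki}\n"
            f"            X509v3 Basic Constraints: critical\n                CA:{ca}\n")


# CNs and key identifiers of the root and intermediate are taken from the
# question (DNs shortened to the CN); the leaf is hypothetical.
ROOT_DN = "CN = SampleOrg Root Certificate Authority"
INT_DN = "CN = SampleOrg Intermediate Certificate Authority"
ROOT_KID = "4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F"
INT_KID = "A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7"
LEAF_KID = "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33"
ROOT = parse_text_dump(sample_dump(ROOT_DN, ROOT_DN, ROOT_KID, ROOT_KID, "TRUE"))
INTERMEDIATE = parse_text_dump(sample_dump(INT_DN, ROOT_DN, INT_KID, ROOT_KID, "TRUE, pathlen:0"))
LEAF = parse_text_dump(sample_dump("CN = www.sample.test", INT_DN, LEAF_KID, INT_KID, "FALSE"))

if __name__ == "__main__":
    root, bundle = split_for_deployment(build_path(LEAF, [ROOT, INTERMEDIATE]))
    print("trust store  :", root.subject)
    print("server bundle:", [c.subject for c in bundle])
    print("audit of intermediate+root file:", audit_bundle([INTERMEDIATE, ROOT]))
```

Run against a file laid out like the question's ca-chain.cert.pem (intermediate, then root), `audit_bundle` reports that the first certificate is a CA and that the root belongs in the client trust store.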
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
Chain CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
certificate openssl certificate-authority
edited Nov 14 at 19:53
asked Nov 14 at 18:43
sweb
1
openssl x509 -noout -text -in <certificate file>
will give you a better view of your certificates than an image. Copy/paste the output for all of your certificates into your question.
– garethTheRed
Nov 14 at 19:17
@garethTheRed added.
– sweb
Nov 14 at 19:54
2
You only add the Root CA certificate to Firefox (or any other browser and/or Operating System). All other certificates are added to the bundle end-entity first, followed by the CA that signed it, followed by the CA that signed that, all the way to the last Intermediate CA. There's no need to add the Root CA here as that's installed in Firefox (or similar). This bundle is then installed in your web-server.
– garethTheRed
Nov 14 at 21:14
1 Answer
up vote
0
down vote
accepted
The HTTP server must have the chain of domain and intermediate as the chain of the server-side certificate.
cat certs/intermediate/certs/domain.cert.pem certs/intermediate/certs/intermediate.cert.pem > webserver.cert.pem
This is not documented, though.
answered Nov 15 at 15:54
sweb
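The bundle order from the comment and the accepted answer (domain certificate first, then the intermediate, root left out), as an added example that is not part of the original posts: it builds a throwaway hierarchy with openssl, then checks issuer-to-subject ordering and whether a client that trusts only the root accepts what the server sends. The subjects, the host name www.example.test, the file names and the helper function names are all constructed for the demo.

```shell
#!/bin/sh
# Constructed demo PKI: every subject, host name and file name below is made
# up for this example. Requires the openssl command-line tool.

# Create root -> intermediate -> leaf keys and certificates in directory $1.
make_demo_pki() {
  d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
[v3_intermediate]
basicConstraints = critical, CA:TRUE, pathlen:0
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid
[v3_leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:www.example.test
authorityKeyIdentifier = keyid
EOF
  for name in root intermediate leaf; do
    openssl req -new -newkey rsa:2048 -nodes -config "$d/demo.cnf" \
      -subj "/O=Demo Org/CN=Demo $name" \
      -keyout "$d/$name.key" -out "$d/$name.csr" >/dev/null 2>&1 || return 1
  done
  # Root signs itself, root signs the intermediate, intermediate signs the leaf.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -sha256 -days 30 \
    -extfile "$d/demo.cnf" -extensions v3_root \
    -out "$d/root.cert.pem" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/intermediate.csr" -CA "$d/root.cert.pem" \
    -CAkey "$d/root.key" -set_serial 4096 -sha256 -days 30 \
    -extfile "$d/demo.cnf" -extensions v3_intermediate \
    -out "$d/intermediate.cert.pem" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/intermediate.cert.pem" \
    -CAkey "$d/intermediate.key" -set_serial 4097 -sha256 -days 30 \
    -extfile "$d/demo.cnf" -extensions v3_leaf \
    -out "$d/leaf.cert.pem" >/dev/null 2>&1 || return 1
}

# Succeed only if PEM bundle $1 is ordered leaf first, each certificate
# followed by its issuer (issuer name of cert N equals subject name of
# cert N+1). This compares names only; signatures are checked below.
bundle_order_ok() {
  tmp=$(mktemp -d) || return 1
  awk -v p="$tmp/c" '/-----BEGIN CERTIFICATE-----/{n++} n{print > (p n ".pem")}' "$1"
  i=1 rc=0
  [ -f "$tmp/c1.pem" ] || rc=1
  while [ -f "$tmp/c$((i + 1)).pem" ]; do
    issuer=$(openssl x509 -noout -issuer_hash -in "$tmp/c$i.pem")
    next=$(openssl x509 -noout -subject_hash -in "$tmp/c$((i + 1)).pem")
    [ "$issuer" = "$next" ] || rc=1
    i=$((i + 1))
  done
  rm -rf "$tmp"
  return $rc
}

# Emulate a client that trusts only root $1 and is sent bundle $2 for host $3:
# the first certificate in the bundle is the one verified, the whole bundle is
# offered as untrusted helpers, and the host name must match that first cert.
client_accepts() {
  openssl verify -CAfile "$1" -untrusted "$2" -verify_hostname "$3" "$2" \
    2>/dev/null | grep -q ': OK$'
}

# Compare the answer's concatenation order with a reversed and a leaf-only file.
demo() {
  work=$(mktemp -d) || return 1
  make_demo_pki "$work" || { echo "openssl failed" >&2; return 1; }
  cat "$work/leaf.cert.pem" "$work/intermediate.cert.pem" > "$work/webserver.cert.pem"
  cat "$work/intermediate.cert.pem" "$work/leaf.cert.pem" > "$work/reversed.cert.pem"
  for f in webserver.cert.pem reversed.cert.pem leaf.cert.pem; do
    order=bad; client=rejected
    if bundle_order_ok "$work/$f"; then order=ok; fi
    if client_accepts "$work/root.cert.pem" "$work/$f" www.example.test; then client=accepted; fi
    printf '%-20s order=%-3s client=%s\n' "$f" "$order" "$client"
  done
  rm -rf "$work"
}
demo
```

The leaf-only file passes the ordering check trivially but is rejected by the root-only client, which is the case where the intermediate was never sent by the server.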