![]() ![]() ![]() ![]() privkey.pem only contains the private key. chain.pem only contains the intermediate CA certificate (not the root anchor or the server cert). We looked inside cert.pem, and it only contains the server certificate (and only once). The result is that the Apache SSL handshake includes the server certificate twice, and the intermediate CA certificate, and the root certificate (which it should not be sending), which results in warnings on the Qualys SSL Labs tester. The output 12 file has the certificate twice, followed by the Let's Encrypt intermediate CA certificate, followed by the unnecessary self-signed DST Root CA X3 anchor certificate (which all the browsers have installed in them by default), and finally followed by the private key. ![]() out /etc/letsencrypt/live//12Īnd here's where it gets weird. certfile /etc/letsencrypt/live//chain.pem \ inkey /etc/letsencrypt/live//privkey.pem \ p12 file, we have to execute this command: openssl pkcs12 -export \ Annoying and pointless, but it's what we have to live with for now. From the command line tool ( security import), macOS Server doesn't accept the straight. We're working on switching from StartCom SSL Certificates to Let's Encrypt, and trying to get it set up to automatically work with macOS Server Apache HTTPD. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |