Closed Ririio closed 1 year ago
cc @cychu42
Small update: Seems like the first part is the user certificate, and the second part is the intermediate certificate
From the LE forums:
- cert.pem is the certificate for your domain and, among others, contains your public key;
- chain.pem contains the intermediate certificate, the certificate from Let’s Encrypt containing the public key which is “coupled” to the private key which signed your certificate (the one above). This intermediate certificate is required for clients to verify your certificate;
- fullchain.pem is a concatenation of cert.pem and chain.pem in one file. In most servers you’ll specify this file as the certificate, so the entire chain will be sent at once. Some clients require you to specify the above two files separately. In that case you won’t need fullchain.pem;
- privkey.pem is, no shocker here, your private key, linked to the public key which is stored in your certificate.
So it sounds like we are showing users the fullchain.pem and privkey.pem. That is probably OK, but we could explain it.
@dadolhay does this match your understanding, too?
How would we know which one of the certificates is which?
I decoded the certificate with an online tool, and it gave me a common name of Pebble Intermediate CA 345aaa for the second one. The first one had *.user3.starchart.com
@Eakam1007 right, that makes sense. So it's the cert + intermediate cert (Pebble is our Let's Encrypt in dev).
The certificate seems to be rendering duplicates of itself as can be seen here
Looking through the database, something seems to be occurring from the back-end for this to occur
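The fullchain.pem layout discussed in this thread (domain certificate first, then the intermediate) and the duplicate rendering reported in this issue can both be checked by splitting the bundle into its PEM blocks. This is an added example, not Starchart's code; the function names and the sample bundle are assumptions, and the sample blocks are constructed placeholders rather than real certificates.

```javascript
// Added example, not Starchart code. All names here are hypothetical.
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;

// Split a PEM bundle into its blocks, in file order.
function splitPemBundle(text) {
  return [...text.matchAll(PEM_BLOCK)].map((m) => {
    const body = m[2].replace(/\s+/g, ""); // base64 with line wrapping removed
    return { type: m[1], body, derLength: Buffer.from(body, "base64").length, pem: m[0] };
  });
}

// Label certificates by position (fullchain.pem is cert.pem followed by chain.pem)
// and mark any certificate whose bytes already appeared earlier in the bundle.
function inspectFullchain(text) {
  const blocks = splitPemBundle(text);
  const firstSeen = new Map();
  const certificates = blocks
    .filter((b) => b.type === "CERTIFICATE")
    .map((b, index) => {
      const duplicateOf = firstSeen.has(b.body) ? firstSeen.get(b.body) : null;
      if (duplicateOf === null) firstSeen.set(b.body, index);
      const role = index === 0 ? "domain certificate" : "chain certificate";
      return { index, role, duplicateOf, derLength: b.derLength, pem: b.pem };
    });
  // A private key block does not belong in a certificate bundle.
  const privateKeyBlocks = blocks.filter((b) => b.type.endsWith("PRIVATE KEY")).length;
  return { certificates, privateKeyBlocks };
}

// Constructed sample input: placeholder bytes wrapped as PEM, not real certificates.
function samplePem(type, text) {
  const b64 = Buffer.from(text).toString("base64");
  return `-----BEGIN ${type}-----\n${b64}\n-----END ${type}-----\n`;
}
const leaf = samplePem("CERTIFICATE", "constructed placeholder: domain certificate");
const intermediate = samplePem("CERTIFICATE", "constructed placeholder: intermediate");
const sampleBundle = leaf + intermediate + leaf; // the leaf repeated, as in the bug report

for (const c of inspectFullchain(sampleBundle).certificates) {
  const note = c.duplicateOf === null ? "" : ` (duplicate of #${c.duplicateOf})`;
  console.log(`#${c.index} ${c.role}, ${c.derLength} bytes${note}`);
}
```

Passing each entry's `pem` to Node's `crypto.X509Certificate` gives its subject and issuer, which tells the domain certificate from the intermediate without an online decoder.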