TOSIT-IO / tdp-collection

Ansible collection to deploy the components of TDP
Apache License 2.0

Support certificate chains as root CA #594

Open Nuttymoon opened 1 year ago

Nuttymoon commented 1 year ago

If /etc/ssl/certs/root.pem is a certificate chain containing a root certificate and intermediate certificate(s), only the first certificate of the chain will be imported to the keystore and truststore by utils.ssl_tls.create_truststore.

TDP should support certificate chains. Apparently, one way of doing this is to use an intermediate PKCS#7 file (Stack Overflow answer).

KaidoKopli commented 1 year ago

Have the playbooks been updated to loop over all certificates in the root.pem to import them into the Java stores? Thanks!
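
An added example, not part of the issue thread or of tdp-collection's code: one way to get every certificate of a bundle such as /etc/ssl/certs/root.pem into a Java truststore is to split the bundle and run `keytool -importcert` once per certificate, each under its own alias. The function names, the alias prefix and the `STOREPASS` variable name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not tdp-collection code). Function names, the alias prefix
# and the STOREPASS variable name are assumptions made for illustration.

# split_pem_bundle BUNDLE OUTDIR
# Writes each complete certificate to OUTDIR/cert-N.pem and prints the count.
# A trailing block without an END line is ignored rather than written.
split_pem_bundle() {
    bundle=$1; outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN CERTIFICATE-----/ { buf = ""; inside = 1 }
        inside { buf = buf $0 "\n" }
        /^-----END CERTIFICATE-----/ && inside {
            n++; out = sprintf("%s/cert-%d.pem", dir, n)
            printf "%s", buf > out; close(out); inside = 0
        }
        END { print n + 0 }
    ' "$bundle"
}

# import_bundle BUNDLE KEYSTORE ALIAS_PREFIX
# Imports every certificate of BUNDLE as ALIAS_PREFIX-1, ALIAS_PREFIX-2, ...
# Assumes keytool is on PATH and the store password is exported in STOREPASS.
# keytool refuses an alias that already exists, so a re-run must delete first.
import_bundle() {
    bundle=$1; keystore=$2; prefix=$3
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_bundle "$bundle" "$tmp") || { rm -rf "$tmp"; return 1; }
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $bundle" >&2
        rm -rf "$tmp"; return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        keytool -importcert -noprompt -trustcacerts \
            -alias "${prefix}-${i}" -file "$tmp/cert-$i.pem" \
            -keystore "$keystore" -storepass:env STOREPASS \
            || { rm -rf "$tmp"; return 1; }
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$count"
}

# Run as: STOREPASS=... sh import_chain.sh /etc/ssl/certs/root.pem truststore.jks root-ca
if [ "$#" -eq 3 ]; then import_bundle "$@"; fi
```

Comparing the printed count with the number of entries `keytool -list` reports for the alias prefix confirms that no certificate of the chain was skipped.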