legacy for backwards compatibility with current (Nov 12, 2014)
CloudFlare production environment
new cert with 5 year expiration
Both certs have the same public key and thus the same SKI, however,
Client Auth checks the CN as well as the SKI, breaking compatibiilty
with certs signed by the legacy CA (unlike Server Auth that only checks
the SKI). Having both keeps compatibility for a CloudFlare upgrade.
Two certs in the CA bundle now:
Both certs have the same public key and thus the same SKI, however, Client Auth checks the CN as well as the SKI, breaking compatibiilty with certs signed by the legacy CA (unlike Server Auth that only checks the SKI). Having both keeps compatibility for a CloudFlare upgrade.