fabiolb / fabio

Consul Load-Balancing made simple
https://fabiolb.net
MIT License

certificates - cert and ca chain/intermediate #946

Closed replay111 closed 2 days ago

replay111 commented 2 days ago

Hi,

I have my own PKI and I want to add a certificate with a chain:

CA Cert (trust) -> Intermediate -> Server Cert + Server Cert.Key

But when I am exposing server.cert + server.cert.key as a bundle .pem, my browser claims that the connection is not secure... (CA Trust is added)

How can I add the cert chain to show the path to the correct CA Trust for the browser?

Best Regards Replay

aaronhurt commented 2 days ago

It's common practice to just concatenate all of those together. Example ...

cat your-cert.pem intermediate-cert.pem ca-cert.pem private-key.pem > combined.pem

and configure the listener with the combined pem file. The order is important, but the intermediates are optional if you don't have them.

  1. Your domain cert
  2. Intermediates in ascending order to the root
  3. The root CA cert
  4. Your domain cert private key

replay111 commented 2 days ago

hm... I think I did that - but I got an error that the private key does not match the certificate... I will re-try today with this order, maybe this was incorrect...

replay111 commented 2 days ago

@aaronhurt Thanks a lot - I messed up the order :/

Now it is working like a charm :D