All geek questions in one place

How to create an intermediate and root certificate from an existing leaf certificate?

Now I have an X509 sheet certificate. From the certification path, to see, it has an intermediate certificate and a root certificate.

enter image description here

I want to create an intermediate cert (.. CA-G3) and a root certificate (VerSign). My current path is to double-click the intermediate, and then click "Copy to file .." to export it. Do the same for the root. Is this a fix to get intermediate / root certificates?

From my test result, the generated root certificate with the wrong fingerprint seems to be. fingerpring does not match that on the server side.

Can anyone help with the proper generation of intermediate / root certificates?

+1
source share
2 answers

[provide an answer ... maybe this is an alternative approach to get all the certificates used by the SSL server]

To obtain source and root certificates with the OpenSSL command:

openssl s_client -showcerts -connect [host]:[port]
0
source

You have a fundamental misunderstanding of certificates and certificate chains.

CA and Root certificates are looked up and discovered, not generated.

Some certificates include the location of their CA certificate in the certificate body (in a special certificate extension). For others, you need to look in the CA certificate store (this is what Windows does). Sometimes chains are sent along with the certificate of the final object (depending on the data format). Finally, sometimes CA and Root are simply unavailable.

+4
source

Source: https://habr.com/ru/post/918452/

More articles:


All Articles