FWIW, I made a tool that handled this all. You could pass it a bundle and it would create a minimal chain to install. Would be great if someone could find that code and open source it. It was written in Go and could likely be integrated into the UI.
Thanks. On Wed, Dec 12, 2018 at 4:27 PM Gray, Jonathan <[email protected]> wrote: > Something to think about, intermediate cert chains are ordered and of > indeterminate length if present at all. Also, for a given root CA, there > may be multiple variants of intermediate cert chains. > > Jonathan G > > On 12/12/18, 9:50 AM, "Howell, Jeff (Contractor)" < > [email protected]> wrote: > > Greetings Traffic Controllers. > > I have an idea for a change in how SSL certs are managed in TO/TP. > Currently we have to concatenate the intermediate certs onto the server > cert and paste that into the SSL key interface. As the intermediate is > likely the same for the majority of certs in the cdn, it makes more sense > to decouple that from the server cert. > > I’m proposing that a new interface is created in TP to load > intermediate certs chains into ATC, creating a library of intermediate > certs. In the SSL key interface, intermediate cert chains are selected via > dropdown rather than concatenated onto the server cert. This mitigates > human error in formatting and certificate ordering. > > Best Regards, > Jeff > > >
