I see, mechanism is clear for me.

I took my CA chain from
 
https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/979/108/domain-validation-sha-2

And my chain is following:

main cert
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO 
RSA Domain Validation Secure Server CA
Subject: OU=Domain Control Validated, OU=EssentialSSL Wildcard, 
CN=*.mydomain.com

inter1
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust 
External CA Root
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO 
RSA Certification Authority

inter2
Issuer: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO 
RSA Certification Authority
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO 
RSA Domain Validation Secure Server CA

root
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust 
External CA Root
Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust 
External CA Root

Is it seems correct? According sources from google - it's not.
And what order to import CA's via ipa-cacert-manage?
Am I should import them just one by one or from one file in correct order?
https://www.ssllabs.com/ssltest/analyze.html tells me that chain is full and 
order is correct...
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to