Fastream Technologies wrote: > Hello, > > I wonder how would an end user install these files sent from Comodo: > > Root CA Certificate - AddTrustExternalCARoot.crt > Intermediate CA Certificate - UTNAddTrustSGCCA.crt > Intermediate CA Certificate - ComodoUTNSGCCA.crt > Intermediate CA Certificate - EssentialSSLCA_2.crt > Your Free SSL Certificate - services_mypriority_co_uk.crt > > It is my experience that crt's and pem's are exactly the same yet with > different extensions.
If they are not PEM files they have to be converted to PEM with openssl.exe first. Then, in order to ensure that those clients who only have the root CA in their trusted store will ever be able to verify this _ugly long chain, copy all intermediate as well as the server certificate into one PEM file and make it the server certificate (use a text editor for this purpose which is able to handle "LF only" line breaks as well). As you can imagine, the SSL handshake will be rather slow if four certificates have to be sent to the client. I do not know whether these certificates are commonly included in Firefox by default, or whether IE automaticaly retrieves them from the Microsoft certificate server. If one can be sure that connecting clients do have the complete chain (well, without the last one of course) it was enough to just use the server certificate. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be