Answer the question
In order to leave comments, you need to log in
How to make an intermediate CA?
Good afternoon!
There are:
1) Self-signed root CA certificate and key --- certificate is valid ( installed in the system )
2) Signed by root certificate --- intermediate CA and key --- certificate is valid
3) Signed by intermediate CA --- final certificate and key
So here. The last certificate is considered not valid - "Unable to find the provider of this certificate.".
How correctly, having all the certificates and keys, to generate the third certificate? That is, sign the CSR so that it is valid?
Or ... Do you really have to install all the CAs in the system?
Thank you very much in advance!
Answer the question
In order to leave comments, you need to log in
When I implemented a proxy with bumping and using my own CA (yes, we also have a two-level CA), I had to put both certificates in the system - both the root CA and the intermediate one - and it was in the root ones, while the intermediate one was in "Intermediate CA" - no trust did not have.
You need the client software (OS, browser,...) to:
- trust the root CA
- be able to build a chain from your final certificate to the root CA.
For the last point, you need to:
- provide the client software not only with your certificate, but also with the certificate of the intermediate CA. This is usually done with website SSL certificates - web servers provide the chain, not just the website certificate itself.
OR
- uploaded to the trusted not only the root certificate, but also the certificate of the intermediate CA.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question