How to Upload Full Certificate Chain to Qualys Enterprise Manager
What is the SSL Certificate Chain?
There are 2 types of certificate authorities (CAs): root CAs and intermediate CAs. For an SSL certificate to be trusted, that certificate must have been issued by a CA that's included in the trusted store of the device that's connecting.
If the certificate wasn't issued by a trusted CA, the connecting device (e.g. a web browser) checks to see if the certificate of the issuing CA was issued by a trusted CA. It continues checking until either a trusted CA is found (at which point a trusted, secure connection will be established), or no trusted CA can be found (at which point the device will usually display an error).
The list of SSL certificates, from the root certificate to the end-user certificate, represents the SSL certificate chain.
Example of an SSL Certificate chain
As an example, suppose you purchase a certificate from the Awesome Authority for the domain example.awesome.
Awesome Authority isn't a root certificate authority. Its certificate isn't directly embedded in your web browser, so it can't be explicitly trusted.
- Awesome Authority utilizes a certificate issued by Intermediate Awesome CA Alpha.
- Intermediate Awesome CA Alpha utilizes a certificate issued by Intermediate Awesome CA Beta.
- Intermediate Awesome CA Beta utilizes a certificate issued by Intermediate Awesome CA Gamma.
- Intermediate Awesome CA Gamma utilizes a certificate issued by The King of Awesomeness.
- The King of Awesomeness is a Root CA. Its certificate is directly embedded in your web browser, therefore it can be explicitly trusted.
In our example, the SSL certificate chain is represented by 6 certificates:
- End-user Certificate - Issued to: example.com; Issued By: Awesome Authority
- Intermediate Certificate 1 - Issued to: Awesome Authority; Issued By: Intermediate Awesome CA Alpha
- Intermediate Certificate 2 - Issued to: Intermediate Awesome CA Alpha; Issued By: Intermediate Awesome CA Beta
- Intermediate Certificate 3 - Issued to: Intermediate Awesome CA Beta; Issued By: Intermediate Awesome CA Gamma
- Intermediate Certificate 4 - Issued to: Intermediate Awesome CA Gamma; Issued By: The King of Awesomeness
- Root Certificate - Issued by and to: The King of Awesomeness
Certificate 1, the one you purchase from the CA, is your end-user certificate. Certificates 2 to 5 are intermediate certificates. Certificate 6, the one at the top of the chain (or at the end, depending on how you read the chain), is the root certificate.
When you install your end-user certificate for example.awesome, you must bundle all the intermediate certificates and install them along with your end-user certificate. If the SSL certificate chain is invalid or broken, your certificate won't be trusted by some devices.
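The issuer walk described above, as an added example that is not part of the source article. It reduces each certificate in the page's fictional chain to a subject and issuer name and does not verify signatures or validity dates; the function names are hypothetical.

```python
# Constructed model of the page's fictional chain: each certificate is reduced
# to a subject -> issuer pair. Real validation also checks signatures,
# validity dates and constraints; this only shows how the path is linked.
CERTS = {
    "example.awesome": "Awesome Authority",
    "Awesome Authority": "Intermediate Awesome CA Alpha",
    "Intermediate Awesome CA Alpha": "Intermediate Awesome CA Beta",
    "Intermediate Awesome CA Beta": "Intermediate Awesome CA Gamma",
    "Intermediate Awesome CA Gamma": "The King of Awesomeness",
}
TRUST_STORE = {"The King of Awesomeness"}  # roots shipped with the client


def build_path(leaf, presented, trust_store):
    """Walk issuer links from the leaf. Returns (path, missing_issuer).

    path lists the subjects the client could link together; missing_issuer
    is None when the walk reached a trusted root, otherwise the name of the
    issuer whose certificate was not available.
    """
    if leaf not in presented:
        return [], leaf
    path, current, seen = [], leaf, set()
    while True:
        path.append(current)
        seen.add(current)
        issuer = presented[current]
        if issuer in trust_store:
            path.append(issuer)
            return path, None
        if issuer not in presented or issuer in seen:
            return path, issuer  # gap (or loop): the chain is broken here
        current = issuer


def server_bundle(leaf, presented, trust_store):
    """Certificates the server should send: leaf first, then intermediates.
    The root is left out because the client already holds it."""
    path, missing = build_path(leaf, presented, trust_store)
    if missing is not None:
        raise ValueError(f"broken chain: no certificate for {missing!r}")
    return path[:-1]
```

Removing any one intermediate from CERTS makes build_path stop at the gap and name the issuer that could not be found, which is the condition a client reports as an untrusted certificate.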
Frequently Asked Questions
- Do I have to install the Root certificate on my server?
No. The root certificate is usually embedded in your connected device. In the case of web browsers, root certificates are packaged with the browser software.
- How do I install the Intermediate SSL certificates?
The process to install the Intermediate SSL certificates depends on the web server and the environment where you install the certificate.
For instance, Apache requires you to bundle the intermediate SSL certificates and assign the location of the bundle to the SSLCertificateChainFile configuration. However, NGINX requires you to package the intermediate SSL certificates in a single bundle with the end-user certificate.
We provide a certificate installation wizard which contains installation instructions for several servers and platforms. If you purchase a certificate with us you can use this wizard to obtain and install the files you need for your server.
If your server isn't on the wizard, you can still obtain the proper files through it, and then follow your web server's documentation to determine how to properly install your domain certificate and intermediate certificates.
- What happens if I don't install an Intermediate SSL certificate?
If you don't install one or more intermediate SSL certificates, you break the certificate chain. That means you create a gap between a specific (end-user or intermediate) certificate and its issuer. When a device can't find a trusted issuer for a certificate, the certificate and the entire chain, from the intermediate certificate down to the final certificate, can't be trusted.
As a result, your final certificate won't be trusted. Web browsers will display an "Invalid certificate" or "certificate not trusted" error.
- How can I shorten the SSL certificate chain in my browser?
This isn't possible. The only way to shorten a chain is to promote an intermediate certificate to root. Ideally, you should promote the certificate that represents your Certificate Authority; that way the chain will consist of just two certificates.
Root certificates are packaged with the browser software. The list can only be altered by the browser maintainers.
Source: https://support.dnsimple.com/articles/what-is-ssl-certificate-chain/