Certificate Management FAQ

Revision as of 19:50, 11 November 2010 by Jason (talk | contribs)
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Article is not yet complete.

Summary

Here is a list of frequently asked questions regarding certificate management in ZCS.

FAQ

What certificate formats are compatible with ZCS?

Commercial and self-signed certificates must in x509/PEM form. Other formats will result in error.

Thawte Certificates

Why does uploading the provided cert.cer file result in certificate/key mismatch?

Thawte has been known to issue their certificates in PKCS7 format. The cert.cer file is actually a certificate bundle containing:

  • your server's certificate
  • CA issuer certificate (intermediate)
  • CA issuse certificate for the (intermediate)

Please note, the PKCS7 bundle does not include the Thawte root CA certificate. Thawte root certificates are located here.

The server and CA intermediate certificates must be extracted from the PKCS7 bundle using the openssl command. This command prints the x509 certificates to a file.

openssl pkcs7 -in cert.cer -print_certs > cert.out

Where can I find Thawte root CA certificates?

On the Thawte website here: https://www.thawte.com/roots/index.html.

More Information

Jump to: navigation, search