Certificate Management FAQ

Revision as of 19:50, 11 November 2010 by Jason (talk | contribs) (Created page with '=Summary= Here is a list of frequently asked questions regarding certificate management in ZCS. =FAQ= ==What certificate formats are compatible with ZCS?== Commercial and self-s…')
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Summary

Here is a list of frequently asked questions regarding certificate management in ZCS.

FAQ

What certificate formats are compatible with ZCS?

Commercial and self-signed certificates must in x509/PEM form. Other formats will result in error.

Thawte Certificates

Why does uploading the provided cert.cer file result in certificate/key mismatch?

Thawte has been known to issue their certificates in PKCS7 format. The cert.cer file is actually a certificate bundle containing:

  • your server's certificate
  • CA issuer certificate (intermediate)
  • CA issuse certificate for the (intermediate)

Please note, the PKCS7 bundle does not include the Thawte root CA certificate. Thawte root certificates are located here.

The server and CA intermediate certificates must be extracted from the PKCS7 bundle using the openssl command. This command prints the x509 certificates to a file.

openssl pkcs7 -in cert.cer -print_certs > cert.out

Where can I find Thawte root CA certificates?

On the Thawte website here: https://www.thawte.com/roots/index.html.

More Information

Jump to: navigation, search