Certificate Management FAQ
Here is a list of frequently asked questions regarding certificate management in ZCS.
What certificate formats are compatible with ZCS?
Commercial and self-signed certificates must in x509/PEM form. Other formats will result in error.
Why does uploading the provided cert.cer file result in certificate/key mismatch?
Thawte has been known to issue their certificates in PKCS7 format. The cert.cer file is actually a certificate bundle containing:
- your server's certificate
- CA issuer certificate (intermediate)
- CA issuse certificate for the (intermediate)
Please note, the PKCS7 bundle does not include the Thawte root CA certificate. Thawte root certificates are located here.
The server and CA intermediate certificates must be extracted from the PKCS7 bundle using the openssl command. This command prints the x509 certificates to a file.
openssl pkcs7 -in cert.cer -print_certs > cert.out
Where can I find Thawte root CA certificates?
On the Thawte website here: https://www.thawte.com/roots/index.html.