Certificate Management FAQ

Revision as of 18:09, 24 March 2015 by Jorge de la Cruz (talk | contribs)

Article is not yet complete.

Summary

Here is a list of frequently asked questions regarding certificate management in ZCS.

FAQ

What certificate formats are compatible with ZCS?

Commercial and self-signed certificates must of type x509 and PEM format. Other formats will result in error.

Thawte Certificates

Why does uploading the provided cert.cer file result in certificate/key mismatch?

Thawte has been known to issue their certificates in PKCS7 format. The cert.cer file is actually a certificate bundle containing:

  • your server's certificate
  • CA issuer certificate (intermediate)
  • CA issuse certificate for the (intermediate)

Please note, the PKCS7 bundle does not include the Thawte root CA certificate. Thawte root certificates are located here.

The server and CA intermediate certificates must be extracted from the PKCS7 bundle using the openssl command. This command prints the x509 certificates to a file.

openssl pkcs7 -in cert.cer -print_certs > cert.out

Where can I find Thawte root CA certificates?

On the Thawte website here: https://www.thawte.com/roots/index.html.

More Information

Jump to: navigation, search