Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-4180

Support for serving multiple intermediate cert chains

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.2.0, 7.0.0
    • Component/s: SSL
    • Labels:

      Description

      We would like to serve two different intermediate certificate chains for RSA certs and ECDSA certs. Today they are required to be in the same chain. It seems the best way would be to modify "ssl_ca_name" (or proxy.config.ssl.CA.cert.path) to support a comma-delimited list of intermediate files.

      Bonus points if ATS validates that the intermediate chain matches the cert being served (and spits out an error if there is a mismatch)!

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                shinrich Susan Hinrichs
                Reporter:
                sc0ttbeardsley Scott Beardsley
              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: