Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-4180

Support for serving multiple intermediate cert chains

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 6.2.0, 7.0.0
    • SSL

    Description

      We would like to serve two different intermediate certificate chains for RSA certs and ECDSA certs. Today they are required to be in the same chain. It seems the best way would be to modify "ssl_ca_name" (or proxy.config.ssl.CA.cert.path) to support a comma-delimited list of intermediate files.

      Bonus points if ATS validates that the intermediate chain matches the cert being served (and spits out an error if there is a mismatch)!

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. TS-4619 Intermediate certificate chain loading can miss certificates

          • Major - Major loss of function.
          • Closed

          Activity

            People

              shinrich Susan Hinrichs
              sc0ttbeardsley Scott Beardsley
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Slack

                  Issue deployment