You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2019/05/21 15:28:51 UTC

[GitHub] [trafficcontrol] JBevillC edited a comment on issue #3534: WIP - TP Delivery Service Generate SSL update, new letsencrypt generate and…

JBevillC edited a comment on issue #3534: WIP - TP Delivery Service Generate SSL update, new letsencrypt generate and…
URL: https://github.com/apache/trafficcontrol/pull/3534#issuecomment-494440268
 
 
   I'm also working (still) on the x509 validation TO code/architecture of imported certificates.  We have decided to shift to an architecture that requires the full cert chain in traffic vault so that certificates can be validated fully without having to rely on an external CA trust store and whether or not they are are the same on multiple TO hosts.
   
   How are you storing the certificate in Traffic Vault once received?  Can you possibly store and/or add the option to store the full cert chain in traffic vault?  The format should be in reverse order: server-cert, intermediate-CA-N, intermediate-CA 2, intermediate-CA-1, CA-Root
   
   Thoughts?.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services