You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Susan Hinrichs (JIRA)" <ji...@apache.org> on 2016/04/18 20:48:25 UTC
[jira] [Comment Edited] (TS-4180) support for serving multiple
intermediate cert chains
[ https://issues.apache.org/jira/browse/TS-4180?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15246301#comment-15246301 ]
Susan Hinrichs edited comment on TS-4180 at 4/18/16 6:47 PM:
-------------------------------------------------------------
Ok, previous fix parsed the CA cert names, but would only load up the first of them. Setting up a PR to load all of the CA certs.
was (Author: shinrich):
Ok, previous fix loaded the CA certs, but would only load up the first of them. Setting up a PR to load all of the CA certs.
> support for serving multiple intermediate cert chains
> -----------------------------------------------------
>
> Key: TS-4180
> URL: https://issues.apache.org/jira/browse/TS-4180
> Project: Traffic Server
> Issue Type: Improvement
> Components: SSL
> Reporter: Scott Beardsley
> Assignee: Susan Hinrichs
> Labels: yahoo
> Fix For: 6.2.0
>
>
> We would like to serve two different intermediate certificate chains for RSA certs and ECDSA certs. Today they are required to be in the same chain. It seems the best way would be to modify "ssl_ca_name" (or proxy.config.ssl.CA.cert.path) to support a comma-delimited list of intermediate files.
> Bonus points if ATS validates that the intermediate chain matches the cert being served (and spits out an error if there is a mismatch)!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)