[racket] Webserver, SSL, and intermediate certificates

From: Jordan Schatz (jordan at noionlabs.com)
Date: Fri Sep 21 15:50:35 EDT 2012

I guess GoDaddy, Thawte, DigiCert and StartSSL (and probably others) are not
signing SSL certs with their root key, but rather they have an intermediate cert
that they sign, and then use that intermediate cert to sign the SSL certs they
issue.

http://en.wikipedia.org/wiki/Intermediate_certificate_authorities
http://www.whichssl.com/intermediate_certificates2.html
http://support.godaddy.com/help/article/868/what-is-an-intermediate-certificate

I think there should be a way to combine the "normal" site SSL cert and the
intermediate cert into a single file, and let OpenSSL handle it from there, but
I haven't had any luck:
http://www.geeklab.info/2011/01/how-to-use-chained-ssl-certificates/

StartSSL (startssl.com) issues free certs, which could be used for testing.

Thanks,
Jordan

On Fri, 21 Sep 2012 12:25:25 -0600, Jay McCarthy <jay.mccarthy at gmail.com> wrote:
> I don't know what they are, so I presume that it doesn't support them.
> If you can give me some docs or test cases to work with, I could see
> how difficult it is to implement.
> 
> Jay
> 
> On Fri, Sep 21, 2012 at 11:24 AM, Jordan Schatz <jordan at noionlabs.com> wrote:
> >
> > I have an SSL certificate that depends on an intermediate certificate, but I
> > cant find anything in the documentation on how to tell the web server that my
> > cert needs the intermediate certificate... Are intermediate certificates
> > supported? anyone know of a work around?
> >
> > Thanks,
> > Jordan
> > ____________________
> >   Racket Users list:
> >   http://lists.racket-lang.org/users
> 
> 
> 
> -- 
> Jay McCarthy <jay at cs.byu.edu>
> Assistant Professor / Brigham Young University
> http://faculty.cs.byu.edu/~jay
> 
> "The glory of God is Intelligence" - D&C 93

Posted on the users mailing list.