Cisco Support Community
Community Member

SSL - More than one intermediate certificate in CSS to support EV SSL

Although the documentation for the CSS does indeed cover how to install a single intermediate certificate (http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/ssl/guide/sslcggde.pdf for example), there are now many more instances where 2 intermediates are required. The latest type of SSL certificate (Extended Validation SSL) requires the use of a cross certificate in the chain. As such the CSS does not seem to be able to support this configuration and we've seen cases now of either the CSS being rejected by the hosting provider or the certificate being downgraded by the hosting provider. I'd like to enquire how Cisco plans to support a 4 certificate hierarchy in the future. As an example, pick any EV web site (eBay/PayPal or banks like abk.be) and look at the chain with a current version of Opera or a non-EV web browser like IE 6.0.

2 REPLIES
Community Member

Re: SSL - More than one intermediate certificate in CSS to suppo

I came across this in Feb when the new E.V. certs became available. You need to concatenate the root, intermediate and server certificate into one chained certificate. The existing root certs in the browser's certificate store can authenticate the new root certificate which validates the whole chain including the server cert.

Doing it this way means you can have as many certs in the chain as is required.
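
A way to check the concatenated file before importing it, as an added example that is not part of the original thread or of Cisco's tooling: it reads the issuer and subject names from each PEM block and reports whether the file forms a contiguous chain. The function names and the leaf-first/root-first labels are assumptions of this example, and the thread does not state which order the CSS import expects.

```python
import base64
import re
import sys

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def pem_to_ders(bundle):
    """DER bytes of each CERTIFICATE block, in the order they appear in the file."""
    return [base64.b64decode("".join(body.split())) for body in PEM_RE.findall(bundle)]

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                     # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER of the issuer and subject Names from tbsCertificate (RFC 5280 layout)."""
    _, pos, _ = tlv(der, 0)               # outer Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)             # tbsCertificate SEQUENCE
    fields = []
    while len(fields) < 5:                # serial, sigAlg, issuer, validity, subject
        tag, _, end = tlv(der, pos)
        if tag != 0xA0:                   # skip the optional explicit [0] version
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def chain_order(bundle):
    """Return 'leaf-first', 'root-first', 'no chain' or 'broken at N' (0-based, file order).

    Names are compared byte for byte and signatures are not verified, so this
    catches ordering mistakes and missing intermediates, not forged certificates.
    """
    names = [issuer_subject(d) for d in pem_to_ders(bundle)]
    if len(names) < 2:
        return "no chain"
    def gaps(seq):                        # indexes i where cert i is not issued by cert i+1
        return [i for i in range(len(seq) - 1) if seq[i][0] != seq[i + 1][1]]
    if not gaps(names):
        return "leaf-first"
    if not gaps(names[::-1]):
        return "root-first"
    return "broken at %d" % gaps(names)[0]

if __name__ == "__main__":
    print(chain_order(open(sys.argv[1]).read()))
```

Run it with the path of the concatenated PEM file as the only argument; a "broken at N" result means the certificate after position N is not the issuer of the one at position N.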

Bronze

Re: SSL - More than one intermediate certificate in CSS to suppo

Do I concatenate it for the certificate you use to authenticate the trust point?
