Something to think about, intermediate cert chains are ordered and of indeterminate length if present at all. Also, for a given root CA, there may be multiple variants of intermediate cert chains.
Jonathan G On 12/12/18, 9:50 AM, "Howell, Jeff (Contractor)" <[email protected]> wrote: Greetings Traffic Controllers. I have an idea for a change in how SSL certs are managed in TO/TP. Currently we have to concatenate the intermediate certs onto the server cert and paste that into the SSL key interface. As the intermediate is likely the same for the majority of certs in the cdn, it makes more sense to decouple that from the server cert. I’m proposing that a new interface is created in TP to load intermediate certs chains into ATC, creating a library of intermediate certs. In the SSL key interface, intermediate cert chains are selected via dropdown rather than concatenated onto the server cert. This mitigates human error in formatting and certificate ordering. Best Regards, Jeff
