Versions Compared

Old Version 28

changes.mady.by.user Simon Chang

Saved on

compared with

New Version 29

changes.mady.by.user Simon Chang

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Having now obtained the private key file either from openssl or keytool, the site should then combine bundle the private key with the chained cert certificates into a PKCS12 package (.pfx or .p12 suffix) that will set the stage to import the bundle into the final keystore.  The most important concept about using a third-party certificate is that we must construct a chain of trust that SHRINE can trace from the endpoint certificate all the way back to the root CA.  Without this trust verification, SHRINE will be unable to use the certificates as intended.  In the following command (again, assuming that the private key file is called private_key.pem), the certificates_file contains the new certificate plus all intermediate certificates plus the root certificate, and the ca_certificate contains the intermediate certificates plus the root certificate.  Run this command to bundle the private key, the endpoint certificate, and all intermediate and root certificates into one single entry within the PKCS12 store:

...