1
1
I follow https://jamielinux.com/docs/openssl-certificate-authority/index.html and after create root and intermediate ca the chain file dosnt have hierarchy like other ca.
Here's the sample of expected hierarchy:
- Root ca creation
- Intermediate CA created and singed by root ca
- domain cert created and singed by intermediate.
But after import ca-chain.cert.pem via firefox that contain intermediate and root (exactly this order) . Just import the intermediate.
After importing in browser website work well but there is no root ca in hierarchy. just intermediate then website certification.
Even after import root ca the cert doesn't hierarchy as i expected. What i missed?
Root ca:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
f1:61:fb:1e:9e:12:3d:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2058 GMT
Subject: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:dc:20:86:ef:e7:01:fe:a8:6f:72:c1:b0:19:f3:
54:4c:36:f8:c9:c3:e9:82:58:e1:40:d0:dc:94:40:
7e:81:44:bc:83:a2:60:b0:60:b5:07:db:8a:23:ba:
21:d6:b6:9e:72:fd:03:86:6c:87:92:2c:f0:f9:4c:
64:e3:42:50:e4:93:ce:49:55:ce:c6:ce:cd:36:af:
2f:d2:f8:61:21:92:2e:67:0a:57:13:7f:e5:d6:a0:
42:1e:61:46:f2:c5:f3:0d:05:19:09:93:b5:7d:6b:
23:d1:a4:ae:9d:e4:22:9e:17:f5:b8:38:11:f6:f7:
29:6c:a1:7e:b5:68:34:9d:31:b8:cb:bd:b8:fb:9a:
25:f6:96:8b:6b:21:22:38:f0:a6:b4:5a:3a:00:94:
f4:de:2c:15:98:b1:82:8b:fa:f2:0e:e8:8e:2e:69:
86:0f:f6:f4:82:8d:b5:6f:00:8b:cc:3c:29:b8:2d:
fa:03:c2:7f:46:c5:0b:9f:4e:ee:f5:82:d5:b2:9f:
29:3b:43:b8:0b:90:05:f6:53:68:be:f2:d2:91:f9:
ec:5a:3f:83:d0:0f:49:6a:7f:d9:a3:72:d0:8f:74:
a6:4b:c8:31:bd:ac:45:6b:51:c4:46:0d:aa:31:3d:
03:bb:fc:7f:50:c6:ec:57:72:84:40:a8:4f:1d:14:
b6:4d:30:6c:2f:b1:69:7a:9b:1f:8f:f9:af:a3:00:
df:96:df:df:e6:b9:6d:5e:bc:1e:40:e7:ee:fe:18:
aa:bb:19:e5:26:9f:79:01:76:06:26:6b:43:cb:15:
41:aa:01:19:d9:11:19:7b:df:99:8c:68:8d:4b:a9:
76:3b:32:ff:68:4d:5c:0e:5d:c7:5f:ed:1a:20:f4:
68:29:0b:21:ac:79:05:9a:57:0a:54:d7:7d:06:83:
f9:b5:79:09:65:fa:c2:83:6d:b6:77:3e:e0:b2:ac:
15:b4:88:22:95:64:70:27:88:50:2b:e4:2e:6f:df:
f1:3c:fa:21:70:c2:bf:54:18:3e:2a:6f:2f:28:0f:
d3:83:61:6c:b5:9d:5e:4f:f8:8a:3b:75:ef:e9:97:
58:98:2f:31:39:cd:dd:18:ff:fc:ce:d0:83:72:23:
4f:e1:66:a4:0b:2a:5d:44:79:e4:7b:6a:67:d5:c5:
6a:a7:c9:ff:7e:1c:1b:20:e9:18:ee:69:cd:5b:cb:
f1:c3:cd:9e:62:38:f3:b0:f3:70:f8:0e:2f:c9:7b:
27:6e:5b:e4:78:b8:a2:b4:5a:26:ff:9f:bd:c6:b1:
2d:5b:a4:b3:49:17:24:68:02:be:b9:7e:c3:d5:37:
ca:c3:b4:bd:1b:28:fd:70:45:4f:9e:7e:1b:2a:14:
3d:cf:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Issuer Alternative Name:
<EMPTY>
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
8a:33:b3:59:6d:30:11:d1:df:71:fa:ed:90:02:13:40:84:e0:
54:3e:88:ce:12:07:c9:29:ce:44:69:c0:e8:d4:90:e3:48:5c:
0c:6d:4f:c4:d6:af:a3:c5:86:ff:d1:93:8f:9b:b3:5e:8f:37:
fa:9c:93:cd:a8:0d:71:28:91:fa:06:17:70:a4:be:7a:30:b1:
76:c3:33:f2:4b:a7:b8:ec:a7:f9:76:e9:08:cb:b3:1b:cd:a5:
5f:c6:1a:85:7c:76:d4:67:da:d4:80:6d:be:80:4b:5c:f6:d0:
f8:f5:47:12:73:92:35:86:f2:76:4f:82:2c:e9:ec:1b:bf:5b:
cb:fa:31:65:41:ad:6f:e6:71:76:76:46:e7:51:b2:d0:fe:77:
76:2f:49:9d:c2:79:7a:94:9b:a8:42:4e:91:bb:72:60:c6:91:
e9:e6:cf:59:17:20:75:14:90:42:7c:c9:5d:27:10:b9:81:c0:
a5:43:3d:0a:e0:c6:ba:7e:e9:9a:98:02:a6:bf:5d:55:2b:31:
b9:0a:91:d7:f0:28:07:0b:80:e2:1c:0e:5f:c8:f8:88:17:3d:
8b:b0:b3:df:09:e3:0d:4b:1c:ed:d9:d1:8a:9a:d8:d8:b0:e6:
bf:9f:1e:14:86:45:47:5a:c5:e3:90:06:b7:0a:72:60:0d:0d:
2c:bd:ce:19:57:02:09:e0:d8:6e:ed:9a:7e:d6:8d:18:42:fc:
32:54:88:c1:87:98:0b:7e:ca:dd:9a:3e:d8:5b:00:91:28:ea:
2b:35:ad:36:6c:9d:e0:cc:41:cd:e9:31:75:ec:2c:e5:5e:24:
59:cd:f6:cb:14:42:e1:b6:30:84:6e:f2:13:8a:9e:32:0e:34:
1a:4f:5d:a7:19:67:64:84:29:5f:ec:7e:18:1a:7f:0c:65:6a:
04:8a:fa:a2:2b:76:ff:1f:c4:0a:5f:1b:df:4e:6b:60:58:ae:
37:d8:b8:3b:09:fa:34:8e:6a:e2:1c:a5:c6:a5:2c:a1:22:09:
03:91:b5:16:d6:d5:60:0b:a9:c2:8d:f4:6f:2c:1e:43:60:9d:
a3:8b:5c:34:ef:89:e5:93:ba:93:f8:92:96:fb:d2:f4:4b:68:
ca:0a:8c:58:d4:e2:cd:8e:e4:d7:90:1c:79:6f:c7:c2:61:ae:
e7:52:07:70:e2:d9:b4:59:b2:73:c4:eb:f0:39:09:3f:b3:69:
c7:2e:29:28:f5:a3:cd:fb:fd:2c:6b:b6:ad:de:f4:86:c4:e7:
20:e2:fc:37:40:95:b2:11:27:48:3c:3e:1c:f9:bd:fe:d2:56:
4d:a4:21:9c:85:eb:95:f1:bb:82:72:10:1c:d5:ff:eb:78:eb:
c7:5c:5f:fd:ec:0c:07:66
Intermediate CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
Chain CA:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4096 (0x1000)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = IR, ST = Tehran, L = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Root Certificate Authority, emailAddress = iu@sample.tld.com
Validity
Not Before: Jan 1 00:00:00 2018 GMT
Not After : Jan 1 00:00:00 2048 GMT
Subject: C = IR, ST = Tehran, O = SampleOrg, OU = Infrastructure Unit, CN = SampleOrg Intermediate Certificate Authority, emailAddress = iu@sample.tld.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
00:ad:d4:fd:41:15:a9:9e:ee:ef:09:3f:3f:54:55:
b4:bc:eb:15:d7:e8:3f:3d:5c:6a:f1:6e:83:33:da:
98:d5:e8:f8:ee:a3:62:a0:5a:bd:e0:a6:b3:c3:a1:
2c:7f:80:32:e5:f7:a9:0d:e0:33:2f:16:03:bd:59:
f4:47:6c:2b:6a:c3:d1:bf:a8:98:d6:1a:25:48:45:
94:cc:f4:3b:00:fa:3a:62:5f:1d:2e:e6:e3:cc:f8:
4e:78:8e:0d:93:ca:46:d9:b8:fa:45:f6:0d:8a:9d:
47:47:fe:10:1f:54:69:8c:eb:5d:71:d5:69:dc:0f:
12:9f:7b:a1:3e:e4:79:77:0b:f1:f3:33:9f:a8:75:
5c:3c:1f:38:96:c9:6f:8e:f4:b7:33:d8:51:c7:43:
42:1f:8f:7f:99:8e:d7:16:e0:cd:c8:c5:71:ac:4e:
07:c5:59:88:c6:97:55:a8:1c:ef:c8:43:30:25:7d:
8d:00:65:ab:bc:6f:d4:54:48:3b:6f:d6:e6:6f:ee:
da:3a:93:73:c3:9c:79:27:3a:fe:01:8f:67:24:91:
d1:92:1b:76:90:df:68:2b:8f:74:06:bd:f3:e3:96:
31:90:23:31:49:e9:76:51:ee:8f:3e:85:78:3c:99:
e4:84:4d:1a:61:86:8f:22:d2:b6:90:96:f4:ca:52:
c5:c7:3c:c9:cc:bd:3f:6b:56:df:df:21:0d:b3:09:
05:12:b5:37:ee:61:26:a6:0d:21:d7:52:f9:49:0d:
17:8c:44:ab:72:82:0c:db:05:33:77:67:70:bb:94:
4c:db:07:97:58:77:f2:28:95:6e:97:d2:f3:6f:fa:
b9:58:23:e1:39:81:b0:c5:1c:df:7f:45:5c:b1:8f:
89:bd:b8:51:0d:6a:a5:db:9d:8f:97:05:2d:fa:3b:
15:04:67:b4:b4:b2:fd:fb:69:b9:d3:73:0c:56:79:
e2:67:7a:0d:f8:6d:60:04:48:99:c4:7e:6a:8c:b0:
73:d1:70:a7:7d:0b:c5:6d:40:72:fb:58:fd:b4:46:
8c:a0:40:87:1c:23:75:1a:8a:4b:40:3b:f3:38:50:
18:3d:99:d3:2d:81:87:dc:27:22:39:36:fd:59:b9:
03:63:1c:76:ff:a8:0b:7b:8f:de:ff:6d:59:18:3e:
e5:a9:0f:b8:2f:fd:52:5a:7a:e4:d4:03:4b:25:9a:
50:e5:1b:80:ce:ab:4a:04:0e:5f:a8:31:01:38:ea:
7f:1e:b5:0a:a5:65:f9:b0:c4:24:55:89:6e:8d:9e:
3a:cf:e9:9a:f5:8c:e1:1b:ee:29:2b:3b:16:51:d8:
77:fe:95:f9:15:d3:a9:61:30:bc:94:0a:7d:98:87:
d2:82:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:6C:F7:40:34:DD:ED:0E:25:46:5D:16:65:4D:8F:ED:29:E8:5E:A7
X509v3 Authority Key Identifier:
keyid:4B:E6:00:6C:EB:DF:D8:4E:AB:EB:86:48:A2:8D:BB:18:09:C4:B4:6F
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Key Usage: critical
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: sha256WithRSAEncryption
d6:e5:f9:73:b4:50:98:ab:e9:6d:44:ef:4c:32:c4:88:bc:40:
3d:1c:80:a2:04:09:da:e0:3d:9d:e2:c5:2b:1d:64:7b:84:81:
4a:30:57:5a:c0:49:48:77:0b:c0:15:3e:cd:52:a9:d7:33:29:
eb:95:ce:b1:a2:9b:7c:9d:ac:53:3d:a7:2c:b0:f1:a5:d2:81:
c2:23:ea:bb:cd:e4:3f:e3:18:b4:70:6d:7d:23:1c:82:cc:01:
67:f9:2e:a9:8a:9e:94:ac:aa:ef:a3:9c:66:13:e7:b9:11:2f:
e5:52:c2:fe:92:f6:85:3f:3d:35:ad:57:15:d9:b8:19:b8:43:
73:62:f0:5a:55:d6:f3:18:7c:9f:79:fc:11:b8:ac:f6:a7:14:
e0:93:b1:9a:a8:42:1a:32:a8:36:43:87:b4:0d:76:2f:a5:ca:
66:4b:c4:cf:58:ec:c2:75:1b:32:58:8c:be:cc:b8:4a:0c:bd:
75:17:3d:b9:21:0b:e8:57:ea:84:92:e2:f8:d2:35:11:23:62:
4d:64:d0:3b:db:d5:1c:14:03:a7:ff:d9:0a:64:eb:36:2d:79:
6b:13:9f:d4:8d:08:01:86:83:10:a4:24:88:ea:6a:b4:75:07:
ab:54:87:2a:b6:87:23:d9:b0:00:d4:ba:6a:1d:db:ab:49:f2:
59:40:1f:6e:32:13:15:a7:40:3d:6a:22:24:12:4e:47:42:37:
9c:27:f5:d2:93:3f:40:77:f8:c5:db:9b:f0:92:15:51:74:0d:
5b:3c:f5:8b:a1:9c:39:f9:8b:41:3a:7b:57:00:31:d6:ca:e1:
5f:ef:54:7d:69:ba:2f:ce:52:6f:77:f6:b6:2c:c8:d8:d5:bc:
c9:99:d1:5a:5e:0f:b7:a4:24:09:58:07:af:bf:bc:1b:42:7b:
9c:31:22:5a:b8:bb:24:24:af:5b:5e:f5:a3:48:b1:bb:5c:ed:
86:87:70:af:10:6c:4e:34:d1:3e:2d:03:a8:4a:bf:67:1c:c6:
61:18:b1:82:75:5b:a0:b2:2f:1e:8d:f8:6a:bd:47:53:94:b2:
2c:93:74:c4:d6:d0:28:42:cf:4b:2f:61:81:86:42:53:ce:2f:
6b:e2:8e:aa:bf:9e:d1:9d:6a:2a:d3:83:0b:c0:df:fc:19:f3:
58:a0:ed:14:65:0f:87:9d:53:0b:d0:8d:fe:bb:97:8c:97:84:
f8:d4:c0:2c:99:44:99:83:3f:6d:d4:e9:c5:b0:8d:b9:df:d7:
5c:d3:fd:b9:90:36:1f:83:ba:53:dd:d0:8a:c6:a1:85:85:39:
af:6b:9b:da:c3:1c:27:f3:3d:94:af:65:12:07:98:f5:5d:de:
1a:d3:32:15:7a:d7:f7:63
sweb
Posted 2018-11-14T18:43:28.680
Reputation: 679
1
openssl x509 -noout -text -in <certificate file>will give you a better view of your certificates than an image. Copy/paste the output for all of your certificates into your question. – garethTheRed – 2018-11-14T19:17:54.770@garethTheRed added. – sweb – 2018-11-14T19:54:13.857
2You only add the Root CA certificate to Firefox (or any other browser and/or Operating System). All other certificates are added to the bundle end-entity first, followed by the CA that signed it, followed by the CA that signed that, all the way to the last Intermediate CA. There's no need to add the Root CA here as that's installed in Firefox (or similar). This bundle is then installed in your web-server. – garethTheRed – 2018-11-14T21:14:50.677