Include all certificates in the certification path if possible

Home Forums Security General Security Include all certificates in the certification path if possible

This topic contains 3 replies, has 4 voices, and was last updated by  shefi 6 months, 2 weeks ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts

  • loureed4
    Member
    #167564

    [ATTACH=JSON]{“data-align”:”none”,”data-attachmentid”:”517097″,”data-size”:”full”}[/ATTACH] Hello,

    Do you know what is the use of that option (that I highlight in the attached screenshot) ?

    “Include all certificate in the certification path if possible.”

    Thanks in advance.

    Blood
    Blood
    Moderator
    #337385

    According to this site: https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/678/0/exporting-and-restoring-a-pfx-file-to-iis

    “You will now have PFX file which is ready for transport. This file typically contains just your certificate and private key rolled into one file. Note:If you selected Include all certificates in the certification path if possible, then your file will contain the full certificate chain with the private key and end entity/domain certificate.”


    shefi
    Member
    #380057

    Thanks Blood.

    So, does it contain the root certificate of a CA ? Is that good? ( I am not an expert on PKIs )


    Anonymous
    #372101

    Since the entire chain us selected, then yes the root CA cert of the chain that issued your site-specific cert is included. Your PFX file should actually contain at least 3 certs in total:
    *-the public key cert you requested
    *-the public key cert of the intermediate CA that issued your cert
    *-the public key of the root CA that authorises the intermediate CA to issue any cert

    It’s possible there may be extra intermediate CAs, depending on how big the chain is, and i can’t recall ever having seen such, but it is not impossible.

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.