[Pki-devel] [PATCH] 0069 Import certs as DER-encoded X.509 in Chrome
Fraser Tweedale
ftweedal at redhat.com
Mon Feb 15 04:32:55 UTC 2016
On Thu, Feb 11, 2016 at 09:58:17PM -0600, Endi Sukma Dewata wrote:
> On 1/12/2016 7:37 PM, Fraser Tweedale wrote:
> >The attached patch fixes certificate import in Chrome.
> >https://fedorahosted.org/pki/ticket/1245#comment:5
> >
> >Thanks,
> >Fraser
>
> If I understand it correctly, the importCAChain=false means that the server
> will return only the leaf certificate in DER format instead of the entire
> certificate chain in PKCS #7 format. Does this mean the certificate chain
> will have to be imported separately, and how?
>
That is correct. Chrome apparently does not support chain import
(only a single cert can be imported). Requires more investigation
as to how to import intermediaries. I might file a separate ticket
for that, or OTOH I can withdraw this patch until a "proper" fix can
be found (if there is one).
Cheers,
Fraser
More information about the Pki-devel
mailing list