Intermediate Certificates
2 years back, I have been provided with .cer (SSL Certificate )and .pfx( Digital Signing Certificate) file by the vendor to connect to an Webservice .
While coding in VC++ I used ".pk8" or "".pem"for the testing after converting the cer using openSSL and was able to make connection in dev and production.
Now after 2 years, I have got an "Intermediate Certificate" from the vendor. I wanted to know since we have never installed certificates in production server browser as the process calls the private and public keys from the files stored locally , extracted from root certificates and those certificates were not installed on the server browser, so I really need "Intermediate Certificates"?
I am able to connect to in development without the use of intermediate certificates. am I missing anything?
While coding in VC++ I used ".pk8" or "".pem"for the testing after converting the cer using openSSL and was able to make connection in dev and production.
Now after 2 years, I have got an "Intermediate Certificate" from the vendor. I wanted to know since we have never installed certificates in production server browser as the process calls the private and public keys from the files stored locally , extracted from root certificates and those certificates were not installed on the server browser, so I really need "Intermediate Certificates"?
I am able to connect to in development without the use of intermediate certificates. am I missing anything?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
depends on the server. normally though, the process from a commercial CA is that you generate a local CSR file, which you upload to the CA; you get back from that a CER file (actually a DER or PEM encoded certificate) which you then import into the system that generated the CSR, and it combines it (internally) with the secret key to form a pair.
That can then be exported as a pkcs #12 (p12 or pfx) file, but usually isn't (other than for backup purposes) as usually the system generating the CSR is also the server that will be using it.
That can then be exported as a pkcs #12 (p12 or pfx) file, but usually isn't (other than for backup purposes) as usually the system generating the CSR is also the server that will be using it.
ASKER