What's the `x_budle-g2-g1.crt` in Apache certificate directory?
I applied the Apache certificates from Goddady, in the directory there have:
I checked them, the x.crt content is as the same as x.pem(only one CERTIFICATE), the x_bundle-g2-g1.crt has 3 CERTIFICATE in it.
Why there need the same content x.crt and x.pem?
What's the function of x_bundle-g2-g1.crt, where there have 3 CERTIFICATE, whether them refer to x_bundle, g2 and g1?
I'd guess that X.pem is your server certificate, and it is issued by GoDaddy Secure Certificate Authority - G2
Then x_bundle-g2-g1.crt is the chain of trust till the root GoDaddy certificate.
Check the contents of x_bundle-g2-g1.crt using openssl command:
openssl crl2pkcs7 -nocrl -certfile x_bundle-g2-g1.crt | openssl pkcs7 -print_certs -text -noout | grep -E 'Subject:|Issuer:'
This hack is to print all certificates in PEM file
I expect the output would be like this:
Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
Subject: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
Issuer: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
Subject: C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
That is,
Go Daddy Secure Certificate Authority - G2signed byGo Daddy Root Certificate Authority - G2Go Daddy Root Certificate Authority - G2- self-signed
Go Daddy Class 2 Certification Authority
Check which certificates your web server provides to the client:
openssl s_client -showcerts -servername YOUR_SERVER -connect YOUR_SERVER:443 </dev/null
I'd bet that it provides the complete chain -
- your server certificate from
X.pem - Go Daddy Secure Certificate Authority - G2
- Go Daddy Root Certificate Authority - G2
This is a precaution for end systems, such as brosers, that miss intermediate GoDaddy certificate.
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?