From ccec46b92ae58238f128e6823d369e42d4d0b3fe Mon Sep 17 00:00:00 2001 From: Arun Subramanian Date: Fri, 23 Feb 2024 09:35:39 -0600 Subject: [PATCH 1/3] updating cert titles and links --- docs/webhooks/03-Mutual-TLS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/webhooks/03-Mutual-TLS.md b/docs/webhooks/03-Mutual-TLS.md index 2eeb523..46acd72 100644 --- a/docs/webhooks/03-Mutual-TLS.md +++ b/docs/webhooks/03-Mutual-TLS.md @@ -21,10 +21,10 @@ These steps assume you already have server authentication setup. In general, there are five steps needed to turn on client authentication for your server: -1. Download the PEM version of the [DigiCert Global Root CA](https://cacerts.digicert.com/DigiCertGlobalRootCA.crt.pem) certificate. +1. Download the PEM version of the [DigiCert Global Root G2](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem) certificate. 2. Turn on client certificate verification. 3. Specify the CA certificate from step 1 as trusted. -4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by the [DigiCert SHA2 Secure Server CA](https://dl.cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt) which is an intermediate CA under DigiCert Global Root CA. +4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by the [DigiCert Global G2 TLS RSA SHA256 2020 CA1](https://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt.pem) which is an intermediate CA under DigiCert Global Root CA. 5. Verify the client certificate is actually from PagerDuty by inspecting its Subject Domain Name. Now we will go over sample server configurations for NGINX and Apache. From c54dfcf6c232913693c67608b9d7eb503318ddc0 Mon Sep 17 00:00:00 2001 From: Arun Subramanian Date: Fri, 23 Feb 2024 10:26:41 -0600 Subject: [PATCH 2/3] updating MTLS page to reference Cert page --- docs/webhooks/03-Mutual-TLS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/webhooks/03-Mutual-TLS.md b/docs/webhooks/03-Mutual-TLS.md index 46acd72..c81a44c 100644 --- a/docs/webhooks/03-Mutual-TLS.md +++ b/docs/webhooks/03-Mutual-TLS.md @@ -21,10 +21,10 @@ These steps assume you already have server authentication setup. In general, there are five steps needed to turn on client authentication for your server: -1. Download the PEM version of the [DigiCert Global Root G2](https://cacerts.digicert.com/DigiCertGlobalRootG2.crt.pem) certificate. +1. Download the PEM version of the DigiCert Global Root G2 certificate from our [Public Certificates Page](../../docs/webhooks/08-Certificates.md). 2. Turn on client certificate verification. 3. Specify the CA certificate from step 1 as trusted. -4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by the [DigiCert Global G2 TLS RSA SHA256 2020 CA1](https://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt.pem) which is an intermediate CA under DigiCert Global Root CA. +4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by the intermediate CA under DigiCert Global Root G2. 5. Verify the client certificate is actually from PagerDuty by inspecting its Subject Domain Name. Now we will go over sample server configurations for NGINX and Apache. From 5a4b44dd186af9a5300231b5af7d53ecae523d2a Mon Sep 17 00:00:00 2001 From: Arun Subramanian Date: Fri, 23 Feb 2024 12:29:32 -0600 Subject: [PATCH 3/3] pr feedback --- docs/webhooks/03-Mutual-TLS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/webhooks/03-Mutual-TLS.md b/docs/webhooks/03-Mutual-TLS.md index c81a44c..c9a3f71 100644 --- a/docs/webhooks/03-Mutual-TLS.md +++ b/docs/webhooks/03-Mutual-TLS.md @@ -21,10 +21,10 @@ These steps assume you already have server authentication setup. In general, there are five steps needed to turn on client authentication for your server: -1. Download the PEM version of the DigiCert Global Root G2 certificate from our [Public Certificates Page](../../docs/webhooks/08-Certificates.md). +1. Download the PEM version of the DigiCert Root certificate from our [Public Certificates Page](../../docs/webhooks/08-Certificates.md). 2. Turn on client certificate verification. 3. Specify the CA certificate from step 1 as trusted. -4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by the intermediate CA under DigiCert Global Root G2. +4. Set the verification depth to 2 since our PagerDuty certificate is actually signed by an intermediate. 5. Verify the client certificate is actually from PagerDuty by inspecting its Subject Domain Name. Now we will go over sample server configurations for NGINX and Apache.