Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Missing Docs for cert.pem, chain.pem, fullchain.pem, etc #608
When this goes live, where will the intermediate certificates be located?
Searching the docs for
I just [asked on the mailing list](See https://groups.google.com/a/letsencrypt.org/forum/#!topic/client-dev/jE5uK4lPx5g), but it seems it should be an issue on here as well.
Currently we have these files:
But we don't know what goes in them. With the current dummy certificate it puts the Root CA in the
This is extremely important because some webservers are lax, others are strict, others barf if you give too much info, others silently fail if you give to little.
I've already written some documentation and demo code based on assumption, but I already know that that's going to blow up in my face if I don't get the details correct.
In order for greatest compatibility with various servers it would seem that we need a file that bundles the server + intermediate certificates, and excludes the root certificate. I'm hoping that's what
Once I know the technical details as to what these files are supposed to represent, I may open another issue to discuss the need for additional files.
Peter E. writes
referenced this issue
Oct 22, 2015
The names should be standardized across clients, not just for python. The last thing in the world I want is a new standard that is too pansy too actually define a standard.
Remember the OAuth2 debacle? Where EVERYTHING is vender specific and no two implementations are actually compatible? TERRIBLE experiences. Hours upon hours of wasted time and lines upon lines of wasted code.
Let's bring it right to the homepage of letsencrypt.org and make sure it sticks.
Put some language in the RFC "MUST be exported to PEM plaintext as fullchain.pem ..." and later "clients SHOULD allow export names to be configured". That way the standard is clear, but people that are boneheads and have to do everything "their way" just to gratify their own programmer arrogance and pride (like myself, for example), can still configure it to be some other confusing name if they want to.
And that's the whole Zen of python anyway right? Tell 'em how it's gonna be, but put configuration over convention to avoid confusion and allow user choice.