Skip to main content
Information Security

Return to Question

Tweeted twitter.com/StackSecurity/status/717253468776435712
Adjusted formatting
Source Link
RoraΖ
RoraΖ
  • 12.5k
  • 4
  • 54
  • 84

Recently I bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, I am issued with a zip file containing 4 document which I believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

a) When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?

b) If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?

c) How do I see what are the root certs that are already installed in the browser?

  • When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?
  • If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?
  • How do I see what are the root certs that are already installed in the browser?

Recently I bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, I am issued with a zip file containing 4 document which I believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

a) When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?

b) If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?

c) How do I see what are the root certs that are already installed in the browser?

Recently I bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, I am issued with a zip file containing 4 document which I believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

  • When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user (using the browser) whether he/she wanted to install those certs?
  • If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?
  • How do I see what are the root certs that are already installed in the browser?
deleted 5 characters in body
Source Link
Mike Ounsworth
Mike Ounsworth
  • 59.6k
  • 21
  • 167
  • 219

Recently i justI bought a SSL cert from comodo for my domain - orakoha.comorakoha.com

After submitting the CSR etc, domain control verification etc, iI am issued with a zip file ofcontaining 4 document which iI believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crtwww_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crtCOMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crtCOMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crtAddTrustExternalCARoot.crt (root certificate)

My question are as below

a) whenWhen a browser visit my site (e.g. www.orakoha.comwww.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crtCOMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user  (using the browser) whether he/she wanted to install those certs  ?

b) ifIf a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen  ? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not  ?

c) howHow do iI see what are the root certs that are already installed in the browser  ?

Regards,

Noob

Recently i just bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, i am issued with a zip file of 4 document which i believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

a) when a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user(using the browser) whether he/she wanted to install those certs  ?

b) if a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen  ? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not  ?

c) how do i see what are the root certs that are already installed in the browser  ?

Regards,

Noob

Recently I bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, I am issued with a zip file containing 4 document which I believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

a) When a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user  (using the browser) whether he/she wanted to install those certs?

b) If a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not?

c) How do I see what are the root certs that are already installed in the browser?

Source Link
Noob
Noob
  • 491
  • 1
  • 7
  • 11

Certificate Chain - intermediate and root certificate - installed required?

Recently i just bought a SSL cert from comodo for my domain - orakoha.com

After submitting the CSR etc, domain control verification etc, i am issued with a zip file of 4 document which i believe are my issued certificate, intermediate ca certificates and the root certificate.

  1. www_orakoha_com.crt
  2. COMODORSADomainValidationSecureServerCA.crt
  3. COMODORSAAddTrustCA.crt
  4. AddTrustExternalCARoot.crt (root certificate)

My question are as below

a) when a browser visit my site (e.g. www.orakoha.com), download my cert and see that it does not have the issuing ca (intermediate ca's public key), will it automatically download those intermediate cert (e.g. COMODORSAAddTrustCA.crt) from my webserver ? or it will prompt the end-user(using the browser) whether he/she wanted to install those certs ?

b) if a browser does not have the root certificate of the root ca issuing the intermediate certs/my cert, what will happen ? will my webserver send the root cert over and the browser will prompt whether to install the root cert or not ?

c) how do i see what are the root certs that are already installed in the browser ?

Regards,

Noob