Intermediate CA SSL File - How to use

[BColladay]

So my NTWS in its current state has a bundled crt file and a key file.  I have the site certificate as the first certificate, then the intermediates and root certificates all in the same file: pdsweb.crt which the NTWS uses.  When I do the openssl connect and showcert commands I get the attached file as the output.  The other attached file is the pdsweb.crt that NTWS is using.  Does that shed any light?

[attachment deleted by admin]

[Bruce]

Hi Ben,

Sorry for the rather long delay, but you'll be pleased to know Intermediate Certificates are good to go in version 5.07.

I made some tweaks so that you can merge an intermediate.crt file with your crt file. (you've tried this already I know, but with my tweaks it now works.)

Cheers
Bruce

[BColladay]

 
Very nice!  What an excellent Christmas present!

[BColladay]

I can report that this works in 5.07.  Thanks

[JohnNZ]

I have a client running a C6.3 NetTalk 4 site.

They have a Thwate certificate that expires on 25 Jan 2011.  The newly issued Thwate certificate uses an Intermediate CA SSL file.

Will there be a patch for NetTalk 4 that fixes the Intermediate Certificate problem for NetTalk 4?

[Bruce]

I've back-ported the support into NetTalk 4 version 4.55, which should go up to our web site today.

Cheers
Bruce

[JohnNZ]

Thank you very much Bruce - much appreciated.

[sstockst]

Bruce,
Porting this solution back to 4.x is an awesome way to run a software company, thanks!
I'm going to upgrade to NetTalk 5 as a way of encouraging you to continue to run your software business like this.

I have upgraded to the current release of NetTalk 4.57 and am struggling a bit with this intermediate certificate merging/combining solution.
As a test, I have a new Comodo SSL certificate with one root, 3 intermediates, and then my final certificate. That makes for 5 certificates in total. I have been unable to make this work. Is there a limit in size or # of certificates that can be registered?

Thanks
Steve Stockstill
Data Equity LLC

[Bruce]

Hi Steve,

thanks for the kudos, and the order.

On your SSL issue - when you say "unable to make this work" can you define what actually is happening? Perhaps the error is unrelated to the certs. Try turning off "Suppress Error Messages" while debugging, this may give us some more clues.

There's no limit to the certs in the cert field as far as I know.

cheers
Bruce

[sstockst]

By not working I mean I see the same symptoms that you would see if you were missing the SSL runtime. The server starts, but will not accept requests.

Your comment:
"I made some tweaks so that you can merge an intermediate.crt file with your crt file. (you've tried this already I know, but with my tweaks it now works.)"

This is what I was referring to in terms of "how many". I have 5 certs that are chained. The top root, three intermediates and my final. I have tried taking all certs and placing in a single file. This does not work. I can use single root certifications all day :-)

Does this make better sense?

NetTalk 4.57

Thanks!
Steve Stockstill

[Bruce]

Hi Steve,

Thanks - yes. Two things to try;

a) turn off Suppress Error Messages to see if you get any errors and

b) I know this is obvious - but make sure you have the latest NT 4 DLL (C60NETX.DLL) in the application folder.
The changes in the DLL are internal, so if you had the wrong DLL it would just kinda, not be any different.

Cheers
Bruce

[Bruce]

One thing I noticed here - the intermediate certificate needed to come _after_ my certificate in the crt file.

cheers
Bruce