I want to configure TLS client auth with Caddy.
I tried the following steps I found on the internet:
openssl req -x509 -newkey rsa:4096 -keyout cert_name.key -out cert_name.crt -days 900
openssl req -new -key cert_name.key -out cert_name.csr
openssl x509 -req -days 900 -in cert_name.csr -signkey cert_name.key -out cert_name-CA.crt
cat cert_name.crt cert_name.key > cert_name.pem
openssl pkcs12 -export -out cert_name.p12 -inkey cert_name.key -in cert_name.pem
For the Caddyfile, I used:
tls {
    client_auth {
        trusted_ca_cert_file cert_name-CA.crt
    }
}
I found out it works the same if I skip lines 2 + 3:
openssl req -x509 -newkey rsa:4096 -keyout cert_name.key -out cert_name.crt -days 900
cat cert_name.crt cert_name.key > cert_name.pem
openssl pkcs12 -export -out cert_name.p12 -inkey cert_name.key -in cert_name.pem
and use
tls {
    client_auth {
        trusted_ca_cert_file cert_name.crt
    }
}
for the Caddyfile.
What is the difference and which approach is correct?
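
Added example, not part of the original post: the script below runs the post's commands without prompts and inspects the resulting certificates with openssl, then builds a constructed contrast in which the CA key is separate from the client key. The `-nodes` and `-subj` options, the 2048-bit key size, the `ca.*` and `client.*` file names and all CN values are assumptions made for the example.

```bash
#!/bin/sh
# Added example: inspect what the post's commands produce.
# Assumptions: -nodes, -subj and rsa:2048 keep it non-interactive and quick;
# ca.*, client.* and all CN values are constructed for the contrast.
set -eu
cd "$(mktemp -d)"

# SHA-256 over a certificate's public key (PEM SubjectPublicKeyInfo)
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }
# Same digest, derived from a private key file
key_pubkey() { openssl pkey -in "$1" -pubout | openssl sha256; }
# Succeeds when the subject and issuer names are identical
same_subject_issuer() (
  s=$(openssl x509 -in "$1" -noout -subject)
  i=$(openssl x509 -in "$1" -noout -issuer)
  [ "${s#*=}" = "${i#*=}" ]
)

# --- Commands from the post (first approach) ---
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=cert_name" \
  -keyout cert_name.key -out cert_name.crt -days 900 2>/dev/null
openssl req -new -key cert_name.key -subj "/CN=cert_name" -out cert_name.csr
openssl x509 -req -days 900 -in cert_name.csr -signkey cert_name.key \
  -out cert_name-CA.crt 2>/dev/null

for f in cert_name.crt cert_name-CA.crt; do
  same_subject_issuer "$f" && echo "$f: self-signed (subject == issuer)"
  [ "$(cert_pubkey "$f")" = "$(key_pubkey cert_name.key)" ] &&
    echo "$f: public key matches cert_name.key"
done

# --- Contrast (constructed): CA key kept apart from the client key ---
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Example Client CA" \
  -keyout ca.key -out ca.crt -days 900 2>/dev/null
openssl req -new -newkey rsa:2048 -nodes -subj "/CN=client1" \
  -keyout client.key -out client.csr 2>/dev/null
openssl x509 -req -days 900 -in client.csr -CA ca.crt -CAkey ca.key \
  -CAcreateserial -out client.crt 2>/dev/null

same_subject_issuer client.crt || echo "client.crt: issuer differs from subject"
[ "$(cert_pubkey client.crt)" != "$(key_pubkey ca.key)" ] &&
  echo "client.crt: public key differs from ca.key"
```

In the post's files both certificates are self-signed over the same key pair, so the `.p12` given to the client contains the private key of the certificate listed under `trusted_ca_cert_file`. In the constructed contrast only `ca.crt` would be listed there and `ca.key` never leaves the issuing machine.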