
Understanding chaingroups

shday
Level 1

I have several web sites, some that I host for customers and some sites that I host of my own.  I have intermediate certificates that I've pulled from Verisign and Thawte for my sites, but I also have intermediate certs that were provided by my customers when they gave me their cert and key.  Can I create a single chaingroup for all my intermediate certs including my Verisign and Thawte certs and include my customers' and apply the same chaingroup to all my ssl-proxy services?  Or do I have to keep them all separated based on certificate vendor and customer?  Are the intermediates somehow associated with the cert and key?

I'm not clear on how the chaingroup actually works. 


Daniel Arrondo Ostiz
Cisco Employee

Good morning,

A chain group should include the server certificate along with all the intermediate certificates (regardless of who issued them) that are required to validate that certificate. When a client establishes a connection, all the certificates in the chain group will be sent to the client so that it can check the validity of the server certificate.

I hope this makes it a bit more clear. For more details, you can refer to the link below:

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/ssl/guide/certkeys.html#wp999546

Regards

Daniel
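
As an added example (not part of the original posts or of Cisco's documentation): this shell script uses openssl to pick, from a mixed pool of intermediates, the ones that chain up from a given server certificate, which are the ones that certificate's chain group needs. All keys, certificates and names (`int-a1`, `site-a`, ...) are constructed test data, and the script does not touch ACE configuration.

```sh
#!/bin/sh
# Constructed test PKI: every key and certificate below is generated locally
# in a temp directory; names (int-a1, site-a, ...) are hypothetical.
set -e
work=$(mktemp -d)

# issue NAME CA: create NAME.key and NAME.pem signed by CA ("self" = self-signed)
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  if [ "$2" = self ]; then
    openssl x509 -req -in "$work/$1.csr" -signkey "$work/$1.key" \
      -out "$work/$1.pem" -days 1 2>/dev/null
  else
    openssl x509 -req -in "$work/$1.csr" -CA "$work/$2.pem" -CAkey "$work/$2.key" \
      -CAcreateserial -out "$work/$1.pem" -days 1 2>/dev/null
  fi
}

issue root self        # trust anchor, already in client trust stores
issue int-a1 root      # vendor A, first intermediate
issue int-a2 int-a1    # vendor A, second intermediate
issue int-b root       # vendor B intermediate
issue site-a int-a2    # server certificate for one site
issue site-b int-b     # server certificate for another site

# chain_for LEAF POOL...: print, leaf-side first, the pool certificates whose
# subject matches the issuer of the previous certificate. Name matching only;
# signatures are not checked here.
chain_for() {
  cur=$1; shift
  while :; do
    want=$(openssl x509 -in "$cur" -noout -issuer_hash)
    next=
    for c in "$@"; do
      if [ "$(openssl x509 -in "$c" -noout -subject_hash)" = "$want" ]; then
        next=$c; break
      fi
    done
    [ -n "$next" ] || break          # issuer not in pool: chain ends here
    [ "$next" != "$cur" ] || break   # self-signed certificate: stop
    basename "$next" .pem
    cur=$next
  done
}

echo "site-a needs:"; chain_for "$work/site-a.pem" "$work"/int-*.pem
echo "site-b needs:"; chain_for "$work/site-b.pem" "$work"/int-*.pem
```

Run against real PEM files, the same function shows which intermediates each server certificate actually depends on, so each chain group can be built from exactly those.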
