【Notes】Let’s Encrypt certificate related

1. Normal Let’s Encrypt produceCertificate of:
– 「ISRG Root X1 (Let’s Encrypt)"'S self-signed Root certificate(Can also be downloaded from the web)。
– 「R3 (Let’s Encrypt)"Signed to "*.abc.com" domain certificate,This certificate also contains "DST Root CA X3 (IdenTrust)"Signed to "R3 (Let’s Encrypt)Intermediate certificate。

 

2. Complete issuance certificate:
– 「ISRG Root X1 (Let’s Encrypt)"'S self-signed Root certificate(Can be downloaded from the web)。
– 「ISRG Root X1 (Let’s Encrypt)"Signed to "R3 (Let’s Encrypt)Intermediate certificate(Can be downloaded from the web)。
– 「R3 (Let’s Encrypt)"Signed to "*.abc.com" domain certificate。

 

3. Since Let’s Encrypt is still a very new certificate authority,ISRG Root X1 is not yet trusted by most browsers。In order for the issued certificate to be widely trusted,Let’s Encrypt grants IdenTrust a root certificate trusted by mainstream browsers,Intermediate certificate generated after interactive signature。Therefore, another complete set of issued certificates is as follows:
– 「DST Root CA X3 (IdenTrust)"'S self-signed Root certificate(Can be downloaded from the web)。
– 「DST Root CA X3 (IdenTrust)"Signed to "R3 (Let’s Encrypt)Intermediate certificate(Can be downloaded from the web,Also included in the next R3 certificate to the domain name)。
– 「R3 (Let’s Encrypt)"Signed to "*.abc.com" domain certificate。

 

4. When some Netcom devices use SSL certificates,need to use 3. Certificate of。

 

5. Import "R3 (Let’s Encrypt)"After signing the domain certificate for "*.abc.com",Will “DST Root CA X3 (IdenTrust)"Signed to "R3 (Let’s Encrypt)"The intermediate certificate is separated and displayed。In addition, the built-in root certificate in Windows has "DST Root CA X3 (IdenTrust)"'S self-signed Root certificate。

 

【參考連結】

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.