Trust all child certificates of a root CA recursively

Question asked by res13 on Jun 1, 2017
For an HTTPS connection to an external service we have the intermediate certificate (which signed the server certificate of the external service) in the API gateway trust store. This works fine.


  • Root CA
    • Intermediate CA --> This is trusted in the apigw and works
      • Server Certificate


Unfortunately these intermediate certificates change a lot, which causes backend routing errors.

That's why I tried to import only the root CA (which signed the intermediate certificates) for the HTTPS connection. But it is not able to validate the server certificate with the root CA even though the backend server provides the whole chain up to the root CA.


  • Root CA --> It is not enough to trust only this CA
    • Intermediate CA
      • Server Certificate


Is this even possible or do I always have to add intermediate CAs? 

PS: I already tried out every option (Import as trust anchor, import certification chain) but it didn't help...
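
A way to test the root-only scenario from the question outside the gateway, as an added example that is not part of the original post: it builds a constructed lab PKI with OpenSSL and checks the server certificate against a trust store holding only the root, once with the intermediate supplied as untrusted chain material and once without it. All names, file names and helper functions are made up for the example.

```bash
#!/usr/bin/env bash
# Constructed lab PKI (all names are made up): Root CA -> Intermediate CA -> server cert.

issue() {  # issue <dir> <name> <subject CN> <extfile> [<issuer name>]; no issuer = self-signed
  local d="$1" n="$2" cn="$3" ext="$4" ca="${5:-}"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  if [ -z "$ca" ]; then
    openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 30 \
      -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
  else
    openssl x509 -req -in "$d/$n.csr" -CA "$d/$ca.pem" -CAkey "$d/$ca.key" \
      -CAcreateserial -days 30 -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
  fi
}

make_lab_pki() {  # make_lab_pki <empty dir>
  local d="$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
  printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:backend.example.test\n' > "$d/leaf.ext"
  issue "$d" root "Lab Root CA" "$d/ca.ext" &&
  issue "$d" int "Lab Intermediate CA" "$d/ca.ext" root &&
  issue "$d" leaf "backend.example.test" "$d/leaf.ext" int
}

# Each check trusts ONLY the root (-CAfile). Certificates passed with -untrusted are
# chain-building material, like the certificates a server sends in its TLS handshake.
verify_with_sent_intermediate() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}
verify_without_intermediate() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" 2>&1 | grep -q ': OK$'
}

main() {
  local d; d="$(mktemp -d)" || return 1
  make_lab_pki "$d" || { echo "PKI setup failed"; return 1; }
  verify_with_sent_intermediate "$d" && echo "root-only trust, intermediate supplied: OK"
  verify_without_intermediate "$d" || echo "root-only trust, intermediate missing: FAIL"
  rm -rf "$d"
}
main
```

Running the same two `openssl verify` commands against the certificates a real backend presents shows whether the chain itself validates under root-only trust, independently of how the gateway's trust store treats it.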