Mark.TwoFive/home-cert-assistant
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Wiki Activity Actions

feat: Tertiary full chain supprt

Browse source 
- Technically, CAs and intermediate CAs do not use "fullchain" certificates, but it is useful to us to include the entire certificate chain in the leaf certificate
This commit is contained in:
Magnus Leßmann (@MarkL4YG) 2024-11-22 12:55:05 +01:00
parent c7f05f1337
commit b39242baba
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/main/java/de/mlessmann/certassist/openssl/OpenSSLCertificateCreator.java
View file

@ -106,7 +106,10 @@ public class OpenSSLCertificateCreator {
Path fullchain = tmpDir.resolve("fullchain.pem"); Path fullchain = tmpDir.resolve("fullchain.pem");
try { try {
Files.write(fullchain, Files.readAllBytes(certAuthority.certificatePath()), StandardOpenOption.CREATE); Path certAuthFullchain = Optional
.ofNullable(certAuthority.fullchainPath())
.orElse(certAuthority.certificatePath());
Files.write(fullchain, Files.readAllBytes(certAuthFullchain), StandardOpenOption.CREATE);
Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.APPEND); Files.write(fullchain, Files.readAllBytes(signedCert), StandardOpenOption.APPEND);
} catch (IOException e) { } catch (IOException e) {
throw new CommandLineOperationException("Failed to create fullchain file.", e); throw new CommandLineOperationException("Failed to create fullchain file.", e);