Do I need to use the bundle-ca when generating a pfx?

certificate ssl ssl-certificate certificate-authority

Solution 1:

couple of things:

  1. NEVER EVER use online tools to convert PEM/KEY to PFX or PFX to PEM/KEY, because you compromise your private key. They will have a full copy of your certificate including private key and can impersonate the entity entitled in certificate and potentially can spoof you.

  2. Although not required it is generally recommended to include additional CA certificates in the case if they aren't presented on target/client systems. These certificates will be sent to clients from web server (assuming you are talking about TLS certificate) and boost/simplify certificate validation on client. In this case, clients are not required to have installed copy of intermediate CA certificate, they will be provided automatically during TLS handshake from bundle installed on a server.

Related

Windows server how to install newest apache with php 5.6 [closed]
Mail Enable email headers when sending emails via ASP.NET
What kind of server has 416 cores?
Linux: disable wtmp/utmp, sshd ip logging and any mentions of ip that does remote access
How do I configure a Linux VPN Client to get into a network through a Fortigate firewall?
Powershell query lastlogondate (lastlogontimestamp) returning mostly blank values (not matching the ADSIedit value for corresponding user attribute)
Why is AWS S3 Object count is measured iin units used to measure file size?
Disable Clipboard Mapping and Remote Drive Mapping for RDP
How to win_ping to hosts with inventory and group_vars files?
Is it possible to retain IP address when stopping/starting an AWS EC2 instance?
Robocopy command is very slow over the network
Why doesn't my crontab -e execute the .sh script?