mellow-yellow

Asked: 2016-04-20 04:20:37 +0800 CST2016-04-20 04:20:37 +0800 CST 2016-04-20 04:20:37 +0800 CST

Apache: Intermediate CA on "dark network" (no internet access)

Background: Apache 2.4 (server) and Windows 7 Internet Explorer (client) using PKI; both machines are on a "dark network" (no internet access).

Question: In the SSL handshake, how does the client receive the intermediate CA? Can't it use the Apache-provided one?

My attempt:

Apache serves (1) server's certificate, (2) intermediate CA, (3) root CA to the client

Client attempts to verify the chain via internet, fails, checks locally

Troubleshooting: I have run a Fiddler and netsh trace, and the client tries--though obviously fails--to contact the intermediate CA authority. Ultimately, the SSL connection succeeds. I'm trying to understand how the client verifies the intermediate CA without internet access and without a locally saved certificate.

Apache: Intermediate CA on "dark network" (no internet access)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Apache: Intermediate CA on "dark network" (no internet access)

0 Answers