Score:0

Do I need to use the bundle-ca when generating a pfx?


I just bought a "Positive SSL certificate". The crt files and bundle-ca from the issuing company (Sectigo) arrived via email. To generate the pfx I use the "PEM TO PKCS #12" from this site https://decoder.link/converter. Is it necessary that in "Bundle File" I insert the bundle-ca received? The pfx certificate is still generated even without inserting it, so I wonder what is needed and whether excluding it causes security-related problems.

Score:1

A couple of things:

  1. NEVER EVER use online tools to convert PEM/KEY to PFX or PFX to PEM/KEY, because you compromise your private key. They will have a full copy of your certificate, including the private key, and can impersonate the entity named in the certificate and potentially spoof you.

  2. Although not required, it is generally recommended to include additional CA certificates in case they aren't present on target/client systems. These certificates will be sent to clients from the web server (assuming you are talking about a TLS certificate) and boost/simplify certificate validation on the client. In this case, clients are not required to have an installed copy of the intermediate CA certificate; they will be provided automatically during the TLS handshake from the bundle installed on the server.

Thanks for the tips. If I understand correctly, by including the bundle-ca during the generation of the pfx, can I avoid installing the ca-authority in the root store?

Certificates from the bundle are not automatically installed to the root store. Most operating systems prevent this. The root store is updated explicitly, either manually or using administrative tools. Certificate installation doesn't update the root store.

I created a related question here https://serverfault.com/questions/1068263/
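
The local conversion the answer recommends, as an added example that is not part of the original thread: it builds the PFX with `openssl pkcs12 -export` on your own machine, once without and once with the CA bundle, and counts the certificates stored in each file. The keys, certificates, file names, function names and password are constructed for the demo.

```shell
#!/bin/sh
# Added example: PEM -> PFX conversion done locally with OpenSSL.
# File names, subjects and the password are constructed for this demo.
set -eu
DEMO_PASS='demo-only-password'   # assumption; for real use omit -passout to be prompted

# Constructed stand-ins for the files the CA e-mails:
# site.crt (your certificate) and bundle.crt (the CA bundle).
make_demo_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo Issuing CA" \
    -keyout "$1/ca.key" -out "$1/bundle.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null
  openssl x509 -req -days 30 -in "$1/site.csr" -CA "$1/bundle.crt" \
    -CAkey "$1/ca.key" -CAcreateserial -out "$1/site.crt" 2>/dev/null
}

# make_pfx DIR OUTFILE [BUNDLE]: the private key never leaves this machine.
# -certfile embeds the bundle's CA certificates next to the site certificate.
make_pfx() {
  openssl pkcs12 -export -inkey "$1/site.key" -in "$1/site.crt" \
    ${3:+-certfile "$3"} -out "$1/$2" -passout "pass:$DEMO_PASS"
}

# Number of certificates stored inside a PFX file.
count_certs() {
  openssl pkcs12 -in "$1" -nokeys -passin "pass:$DEMO_PASS" 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
}

demo() {
  work=$(mktemp -d)
  ( umask 077            # keep key material unreadable to other users
    make_demo_files "$work"
    make_pfx "$work" bare.pfx
    make_pfx "$work" chain.pfx "$work/bundle.crt" )
  echo "without bundle: $(count_certs "$work/bare.pfx") certificate(s)"
  echo "with bundle:    $(count_certs "$work/chain.pfx") certificate(s)"
  rm -rf "$work"
}
demo
```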