Assistance #70

Zinn/nvca - CA Chain

Added by omeunier 3724 days ago. Updated 3688 days ago.

Status:Solved Start:07/20/2010
Priority:Normal Due date:
Assigned to:pnl % Done:


Category:- Spent time: -
Target version:-


Arguments for nvca script are: <key> <certificate> and <CA_chain>
My question is: what do I need to put for CA_chain? Whatever the file I give, the script freezes after asking me the passphrase to unlock the private key.


Updated by pnl 3688 days ago

  • Status changed from New to Solved
  • Assigned to set to pnl

nvca now uses the zinn configuration file, see #54 for details.

The certificate chain it requires (chain entry in the zonenode section of the configuration file) is the one that will be sent to client programs upon registration. This chain will be used by client programs to verify the certificate of the zone manager (zonemgrd program), which is loaded from the path specified in the certificate entry of the zonenode section.

One way to verify that your configuration is correct is:
openssl verify -CAfile root_cert.pem zd_cert.pem

where (these are the default names)
  • root_cert.pem is the certificate chain
  • zd_cert.pem is the zone manager certificate

Also available in: Atom PDF