I'm setting up my TLS context like so:
```ruby
ssl_context do
  context = OpenSSL::SSL::SSLContext.new
  certificate_bundle_path = File.join __dir__, 'cert/public_bundle.pem'
  certificates = OpenSSL::X509::Certificate.load_file certificate_bundle_path
  server_certificate = certificates.first
  certificate_chain = certificates[1..]
  private_key_path = File.join __dir__, 'cert/private_key.pem'
  private_key = OpenSSL::PKey::RSA.new File.read(private_key_path)
  context.add_certificate server_certificate, private_key, certificate_chain
  context
end
```
I'm using a certificate signed by a well-known CA. The file at cert/public_bundle.pem contains the entity certificate followed by the intermediate certificate.
The problem is that Falcon only serves the entity certificate, so the connection fails unless I add the intermediate certificate to the truststore on the clients.
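One way to check which certificates a given `SSLContext` actually sends during the handshake, as an added example that is not part of the original post and is not Falcon's code. It builds a constructed throwaway PKI (all names and the helpers `issue`, `served_chain` and `demo` are hypothetical) and compares a context given only the leaf with one given the leaf plus intermediate via `add_certificate`.

```ruby
require 'openssl'
require 'socket'

# Constructed throwaway PKI (root -> intermediate -> leaf); all names are made up.
def issue(cn, issuer_cert = nil, issuer_key = nil, ca: false)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(issuer_cert || cert, cert)
  cert.add_extension ef.create_extension('basicConstraints', ca ? 'CA:TRUE' : 'CA:FALSE', true)
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  [cert, key]
end

# Handshake over a local socket pair; returns the subjects the server sent, leaf first.
def served_chain(server_ctx)
  client_io, server_io = UNIXSocket.pair
  server = Thread.new { OpenSSL::SSL::SSLSocket.new(server_io, server_ctx).accept }
  client_ctx = OpenSSL::SSL::SSLContext.new
  client_ctx.verify_mode = OpenSSL::SSL::VERIFY_NONE # inspection only, never for real clients
  client = OpenSSL::SSL::SSLSocket.new(client_io, client_ctx)
  client.connect
  chain = client.peer_cert_chain.map { |c| c.subject.to_s }
  server.join
  chain
ensure
  [client_io, server_io].each { |io| io&.close }
end

def demo
  root, root_key = issue('Constructed Root', ca: true)
  inter, inter_key = issue('Constructed Intermediate', root, root_key, ca: true)
  leaf, leaf_key = issue('leaf.example.test', inter, inter_key)
  leaf_only = OpenSSL::SSL::SSLContext.new
  leaf_only.add_certificate(leaf, leaf_key)
  with_chain = OpenSSL::SSL::SSLContext.new
  with_chain.add_certificate(leaf, leaf_key, [inter]) # same call shape as in the post
  { leaf_only: served_chain(leaf_only), with_chain: served_chain(with_chain) }
end

pp demo if $PROGRAM_NAME == __FILE__
```

Reading `peer_cert_chain` from a client connected to the real server gives the same view of what is served, which separates a context problem from a server-side one.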