CRLF in intermediate certificate


#1

When I request a certificate via the new v2 API, the intermediate certificate that is provided along with the certificate contains CRLF at the end of each line. The Fake intermediate certificate via the staging API only contains LF. Is there a valid reason for it?

Update: root -> intermediate


#2

Hi @hiawatha,

I believe you mean the Let’s Encrypt Authority X3 intermediate certificate? There should not be a root certificate in the returned chain.

I will look into the CRLF question. I’m not sure off-hand.


#3

Opened https://github.com/letsencrypt/boulder/issues/3557 to not forget.


#4

Yeah, I meant the intermediate certificate of course. :wink:


#5

Hi again @hiawatha,

The CRLF linefeeds should now be fixed. I’ve repurposed Boulder issue 3557 to add a check that will refuse to start the web front end if the configured PEM certificate chains don’t use the correct line endings. This should help prevent this problem from cropping up again in the future.

Thanks again for flagging this problem for us.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.