Truststore with multiple certs in a single PEM works?

One of our OPDK customers has, contrary to the documentation, placed multiple certs in a single PEM file in a Truststore. The documentation says we must use individual PEMs for each cert. Yet it appears to be functioning fine.

1) What is the difference within APIGEE when certs are added as a single PEM file and when added as individual PEM files?
2) Will there be any issues when the certs are added to the APIGEE truststore as a single PEM file?
3) And if APIGEE certs can be added to the truststore as a single PEM file, then why does the APIGEE doc mention adding the certs as individual PEM files?

Thanks,

Paul.

ACCEPTED SOLUTION

A truststore with multiple certs in a single PEM file is now supported. See the doc here.

Stephen

3 REPLIES

adas

@Paul I don't know the history behind it, but at some point we did update the docs to say that if you are using the truststore you must upload all the certs in the chain as individual PEM files. But like you said, even if you concatenate them in a single PEM file it still works.

There's another community article where a similar question was asked: https://community.apigee.com/questions/10560/how-t...

I think we are in the process of updating our docs, but the recommended way is to have them uploaded as individual PEM files, however both should work.

Even if you do multiple single-PEM additions to a truststore, the CN of the first certificate in the PEM file will be published by Apigee when you do 2-way SSL with Apigee as the server. So if you want to handshake with leaf (domain) certificates with your clients, you add either the leaf alone or all the certs in a single file with the leaf certificate at the top of your .pem file. But adding all chain certificates as individual .pem files might open up a security concern by allowing those clients to do 2-way SSL having either root or intermediate certificates in common.
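The thread turns on two properties of a concatenated PEM bundle: how many certificate blocks it holds (the docs ask for one file per block) and which block comes first (the reply above says the first one is what Apigee presents). The script below is an added example, not code from this thread or from Apigee: it splits a bundle into individual PEM blocks in file order, refuses a truncated or mislabelled bundle instead of silently dropping a certificate, and writes the blocks out as the numbered single-cert files the documentation recommends. The sample bundle is constructed, with placeholder base64 bodies rather than real certificates, so nothing is parsed as X.509.

```python
"""Split a concatenated PEM bundle into individual certificate files.

Added example for the Apigee truststore thread; not Apigee's own code.
SAMPLE_BUNDLE is constructed: the bodies are placeholders, not real certs.
"""
import re
import tempfile
from pathlib import Path

# One PEM block: a BEGIN line, base64 lines, and an END line with the same label.
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

# Constructed bundle: leaf first, intermediate second, with the "subject=/issuer="
# lines that openssl-style dumps often leave between blocks.
SAMPLE_BUNDLE = """subject=CN=api.example.test
issuer=CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
LEAFCERTPLACEHOLDER...
-----END CERTIFICATE-----
subject=CN=Example Intermediate CA
-----BEGIN CERTIFICATE-----
INTERMEDIATEPLACEHOLDER...
-----END CERTIFICATE-----
"""


def split_pem(text: str, label: str = "CERTIFICATE") -> list:
    """Return each PEM block with the given label, in bundle order, normalised to LF.

    Text outside BEGIN/END lines is ignored. A BEGIN line without a matching
    END line (or with a mismatched label) raises ValueError: a truncated
    bundle is exactly the failure that leaves a truststore missing a cert.
    """
    blocks = []
    for match in _PEM_BLOCK.finditer(text):
        if match.group(1) != label:
            continue
        body_lines = [ln.strip() for ln in match.group(2).splitlines() if ln.strip()]
        body = "\n".join(body_lines)
        blocks.append(f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n")
    begins = text.count(f"-----BEGIN {label}-----")
    if begins != len(blocks):
        raise ValueError(f"{begins} BEGIN lines but only {len(blocks)} complete blocks")
    return blocks


def write_individual_pems(text: str, out_dir, stem: str = "cert") -> list:
    """Write each certificate block to its own file, numbered in bundle order.

    cert-01.pem is the block that came first in the bundle, i.e. the one the
    reply above says Apigee presents when it acts as the TLS server.
    """
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    paths = []
    for index, block in enumerate(split_pem(text), start=1):
        path = out / f"{stem}-{index:02d}.pem"
        path.write_text(block)
        paths.append(path)
    return paths


def demo() -> list:
    """Split the constructed bundle into a temp directory; return the file names."""
    with tempfile.TemporaryDirectory() as tmp:
        return [p.name for p in write_individual_pems(SAMPLE_BUNDLE, tmp)]


if __name__ == "__main__":
    for index, block in enumerate(split_pem(SAMPLE_BUNDLE)):
        print(f"block {index}: {block.splitlines()[1]}")
    print(demo())
```

Run it against a real bundle by reading the file into `split_pem` or `write_individual_pems`; the block order is preserved exactly, so inspecting `cert-01.pem` tells you which certificate sits at the top of the bundle before it is uploaded.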