...
- Issuing CA for HARICA OV TLS (RSA): CN=HARICA OV TLS RSA,O=Hellenic Academic and Research Institutions CA,C=GR
- Issuing CA for HARICA OV TLS (ECC): CN=HARICA OV TLS ECC,O=Hellenic Academic and Research Institutions CA,C=GR
- use the same cross-signed intermediate Root CA (RSA and ECC respectively) as for the GEANT-specific issuer if needed (see above)
To create the 'CertificateChainFile' for Apache, concatenate the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety), and specify this file in the Apache mod_ssl configuration. For Nginx in the ssl_certificate directive in the http {} section, you would include your server certificate (downloaded from CM), the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety) in that order in a single file. The private key goes (separately) in the file specified under ssl_certificate_key .
Policy Management Authority
...