Ju
ne
20
18
Legrand PDU User Guide 491
Each certificate in the chain is the issuer certificate of the certificate that follows it. That is, A is the issuer
certificate of B, and B is the issuer certificate of C.
Note: In fact many certificate chains may comprise only the root certificate and a TLS server's certificate and
do not have any intermediate certificate(s) like 'Certificate B' involved. Or some chains may contain more
than one intermediate certificates.
Certificate (chain) that you must upload to the receiver, such as Legrand PDU:
Because the TLS server provides only 'Certificate C', you need to upload a file containing the the missing
certificates of the chain (that is, 'Certificate A' and 'Certificate B') to the receiver.
In reality some servers may provide a partial (or even a full) certificate chain instead of a single server
certificate. If your server provides a partial certificate chain containing 'Certificate B' and 'Certificate C', then
you only need to upload 'Certificate A" to the receiver. If the server has a full certificate chain containing
Certificates 'A', 'B', and 'C', then you also need to upload the root certificate 'A".
Warning: The certificate (chain) uploaded to the receiver must always contain the ROOT certificate even
though the TLS server provides the root certificate. When uploading a (partial) chain onto the Legrand
PDU, it means you trust each certificate in the chain to certify the authenticity of certificates a server
sends to Legrand PDU. Therefore, at least the root certificate must be authentic, issued by a CA you trust,
and downloaded from that CA over a secure channel. Never implicitly trust a root certificate that is sent by
the server which you want to connect to. It could have been created by an attacker.
If either certificate 'A' or 'B' is missing in the certificate file uploaded to the receiver, the connection to the
wanted TLS server will fail.