Client Certificate .ca file?

A web application I have setup requires a .ca file to identify the Certificate Authority.
Any ideas on how to get that would be much appreciated.

RoltairTheProtogenOP•11/20/24, 2:40 AM

Still waiting for any help on this.
This may also be of use.

Cyb3r-Jak3•11/20/24, 1:09 PM

Can you provide some more context? What are you trying to do?

RoltairTheProtogenOP•11/20/24, 1:13 PM

We're using Axigen mail server, and in that for the local webadmin and webmail IP's we are using a Cloudflare Client Certificate for SSL.
When importing the certificate and private key into Axigen, it shows "No CA" as it cannot identify the Certificate Authority which I guess is why I'm running into this issue.

When attempting to access the page you get the error net::ERR_CERT_AUTHORITY_INVALID

Cyb3r-Jak3•11/20/24, 1:17 PM

When you say client certificate, do you mean origin certificate?

RoltairTheProtogenOP•11/20/24, 1:18 PM

No, I do mean Client Certificate.

RoltairTheProtogenOP•11/20/24, 1:18 PM

Axigen rejects origin certificates for some reason.

RoltairTheProtogenOP•11/20/24, 1:22 PM

We also can't use Let's Encrypt because it's not for a (sub)domain, it's for a local IP address.

Cyb3r-Jak3•11/20/24, 1:28 PM

Yeah Client Certificates are for MTLS. Seems like the server requires a public validate SSL certificate. You could make a DNS record that points to the local IP and use that for Let’S Encrypt.

RoltairTheProtogenOP•11/20/24, 1:31 PM

We might consider doing that when we implement an internal DNS, I was just curious if it was possible to get the .ca file which seems to be to identify the Certificate Authority.

Cyb3r-Jak3•11/20/24, 2:38 PM

You can’t for client certificates. Cloudflare Manages the CA

RoltairTheProtogenOP•11/20/24, 2:39 PM

I see, well thank you!