-
Notifications
You must be signed in to change notification settings - Fork 23
Release notes for version Ki (v35.HZ12.Ki)
- Support for intermediate CA certificates
- Removal of arbitrary limitation on the subject of CA certificates
- New calculations of average length of request (avg) and average processing time (tav)
- Moved to pthread for all multiprocessing. Better performance overall.
- New HTML stats page
Please refer to ChangeLog for more details. Below describes how to use intermediate CA certificates, new key feature in this version.
Pixelserv-tls was introduced with using a self-signed root CA certificate for signing automatically generated certificates for ad servers. In SOHO environments without in-house issues of certificates, a freshly prepared root CA certificate is the easiest way to start using Pixelserv-tls and tracking ad requests over HTTPS.
However, in certain SOHO environments and SME's, organisations may possess an intermediate CA certificate which is issued by a legitimate root CA or more commonly by another higher-up intermediate CA. Depending on the capabilities of this CA certificate, you will be able to use this CA certificate to issue server certificates or another intermediate CA certificate. It's the latter capability that you can issue a new intermediate CA certificate for use in Pixelserv-tls. Versions before vXXXXX, Pixelserv-tls was not able to make use of such CA certificates.
In the simplest case, the contents of ca.crt and ca.key will be that of the intermediate certificate you issue for use in Pixelserv-tls. In this simplest form, it's assumed the certificate of the issuing CA (either a root CA or an intermediate CA) is deployed on your client machines/devices and resides in their trusted store.
In a multi-level trust relationship, any other intermediate CA certificates between the CA certificate issued for use in Pixelserv-tls and that resides in clients' trust store shall be appended to ca.crt. This is standard practice and necessary to establish the chain of trust between the server certificates that Pixelserv-tls automatically generates and the CA certificate in clients' trusted store.
The order of intermediate certificates in ca.crt is important. Begin with the CA certificate you issue for Pixelserv-tls. Follow by next higher-up. The last CA certificate shall be one immediately issued by a CA certificate that resides in clients' trust store.