Elaboration on the nature of server.crt

On the Certificates and Keys page of the Mender docs, it states “The file ‘certs/server.crt’ is just a concatenation of all the certificates that the Mender client uses.”

The documentation refers to this file as the “server certificate”. I’m a bit confused on how it can act as a single certificate if multiple certificates are inside of it. For example, when does it expire? What if there are differing expiration dates on the certificates inside of server.crt?

My apologies in advance. Security is not my strong suit.

The documentation refers to this file as the “server certificate”

This is probably not an accurate description because it is not a certificate, and is just a file that contains multiple certificates. A certificate pool that the Mender client can inspect to validate the server.

It is quite similar to how /etc/ssl/cert.pem works, which is your system-wide pool of certificates.

If you cat server.crt, you will see that it just contains two certificates.
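
Added example, not part of the original thread or the Mender project's code: because the bundle is a set of independent certificates, each one carries its own expiry date, and the functions below list the subject and notAfter of every certificate in such a file and count those expiring within a given window. It assumes the `openssl` CLI is installed; the function names and the generated two-certificate bundle are constructed for illustration.

```shell
# Added example (hypothetical function names); needs the openssl CLI.

# Split bundle $1 into one PEM file per certificate under directory $2.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%02d.pem", dir, n) }
        out != "" { print > out }
        /-----END CERTIFICATE-----/ { close(out); out = "" }
    ' "$1"
}

# Print "file<TAB>subject<TAB>notAfter" for every certificate in bundle $1.
list_bundle_certs() {
    tmp=$(mktemp -d) || return 1
    split_bundle "$1" "$tmp"
    for c in "$tmp"/cert-*.pem; do
        [ -f "$c" ] || continue
        printf '%s\t%s\t%s\n' "$(basename "$c")" \
            "$(openssl x509 -in "$c" -noout -subject)" \
            "$(openssl x509 -in "$c" -noout -enddate)"
    done
    rm -rf "$tmp"
}

# Echo how many certificates in bundle $1 expire within the next $2 seconds.
count_expiring_within() {
    tmp=$(mktemp -d) || return 1
    split_bundle "$1" "$tmp"
    n=0
    for c in "$tmp"/cert-*.pem; do
        [ -f "$c" ] || continue
        openssl x509 -in "$c" -noout -checkend "$2" >/dev/null || n=$((n + 1))
    done
    rm -rf "$tmp"
    echo "$n"
}

# Constructed sample input: a bundle $1 of two self-signed certificates
# valid for 1 day and 365 days (stand-ins, not Mender's real certificates).
make_demo_bundle() {
    d=$(mktemp -d) || return 1
    for days in 1 365; do
        openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
            -subj "/CN=constructed-$days.example" \
            -keyout "$d/key.pem" -out "$d/$days.pem" 2>/dev/null || return 1
    done
    cat "$d/1.pem" "$d/365.pem" > "$1"
    rm -rf "$d"
}
```

Running `list_bundle_certs certs/server.crt` against a real bundle shows one line per certificate, so differing expiry dates are visible side by side.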

Thanks mirzak. If you’ll indulge me just a bit further… So, the purpose of the server.crt is for the client to validate the server, and not the other way around? Also, if server.crt is a “pool” of certificates, is there documentation as to the specifics of the certs inside that pool and how/where each is used? Thank you!!

So, the purpose of the server.crt is for the client to validate the server, and not the other way around?

Correct

Also, if server.crt is a “pool” of certificates, is there documentation as to the specifics of the certs inside that pool and how/where each is used?

I would suggest to inspect the script that creates the,

And also, Certificates and keys | Mender documentation
