Discussions A-z Intermediate


Magdalena Liendo

Aug 5, 2024, 1:19:32 PM
to sarrimicsanc
I've created a chained certificate to make sure the Intermediate cert goes to the client so no errors occur. The chained cert is installed, shows it's signed by the GoDaddy root and when I use GP I do not get any certificate errors. So that part is good.

The chained certificate has the Public Key issued by GoDaddy at the top, the Intermediate cert "Issued To" cert and I imported the private key generated when the CSR was made (CSR created using a Winders server & IIS). I didn't know what to do with the "Issued By" portion of the Intermediate cert & the chaining document I found in the PAN forums didn't mention it so it didn't get used in the chained cert. If this is wrong let me know.


The problem is I get an error on the PAN every time I commit: "vsys1: Warning: can't find complete cert chain for ". I think the problem is that I did not import the Intermediate certificate before importing the chained certificate.


Here's my ignorant question: How do I import the Intermediate cert? The intermediate cert has two certs in it: The "Issued To" cert and the "Issued By" cert. When I import the PEM, is the "Issued By" considered the private key (checking 'Import Private Key')? Or, do I just leave both "Issued To" & "Issued By" certs together in the PEM file & import it without checking 'Import Private Key'?


The workaround for me to "fix" the problem is to manually edit the configuration file. Export -> Edit in textpad/xml editor or similar and then paste the server certificate with Intermediate certificate.


Read that post and I just did it. This was a slightly different instruction from the document on chaining or at least the suggestion was clearer. I took everything in the bundle from GoDaddy and pasted it to the bottom of the server cert. It imports fine, shows the issuer being Go Daddy Secure Certification Authority but once I link it to the GP Gateway and GP Portal and commit, I get the same error.


Finally, I checked the keychain on my Mac and the server certificate is showing valid. So, I'm kinda stumped. I've seen another post where someone was having an issue with a GoDaddy certificate and not with a cert from another issuer. I've used namecheap without an issue.


I've gone to the GoDaddy cert repository and downloaded the Intermediate and Root certs and verified them against the certs I was given. They all match so I don't see why I'm receiving this commit error. The server


Just one thing for clarification for anyone else finding this thread. When you chain the certs, they all go into . They don't get their own XML headers. Not sure who'd do that (*uhm...*) but just in case.


However for development I prefer to run grunt inside a container - the intermediate grunt container is exactly what I need to execute grunt watch, except it is not given a tag and so would only be available by referencing the hash.


The label trick also works great for me since I am building on a Jenkins machine used by multiple teams within the company, and I wanted to avoid using docker image prune to not accidentally delete something used by other people.


Namely, I have a root CA and multiple intermediate CAs underneath for different use cases - one is for SSL Client Auth (so SSL cert over HTTPS, etc.), one is for internal server certificates, and one is for VPN CA.


Yes, the CA and then Intermediate have both been uploaded. It seems to barf on the handshake when it does the initial TLS communication. Which is odd, because it shouldn't be doing that.



I'm not entirely sure where to look next, since the certificate is issued on the XG by the intermediate CA for the server certificate. Unless the client certificates are being issued incorrectly with the default CA and not the intermediate CA I've deployed, but I've got no idea how to set that properly.


I basically took the default generated CA cert that the XG created and used that as a base, and configured a few extra SANs and entries to match the IPs as well as hostnames. Other than that, the signature was identical.


ODDLY ENOUGH, it seems like it just started randomly working, and all I did was switch the server cert to the default appliance cert and then back to the intermediate-CA-issued cert and it just started to freaking work. WHooo! Don't think I can alter the CA used for client cert issuance, but I'm less concerned about that. At least it works heh!


But the exports still work fine if you deactivate the Disable Masters parameter? I imagine there is an issue with axis re-ordering not being taken into account for the intermediate layer glyphs. Could you inspect what STAT table you get when exporting without the intermediate layer glyphs?


As of last year I have been applying for Elixir backend positions; however, I have been unsuccessful in landing a job. After having been interviewed, I think I realize what I am missing: making architectural decisions in a complex system.


I believe you are referring to this book by @JEG2. I have read that book. It was one of those books that helped me become a mature developer. Helped to think through an application from data to GenServers.


The first thing I tried to write in Elixir was an auction application for my fantasy football league. I built it such that it could support multiple auctions going on in different leagues concurrently. That felt like an intermediate introduction to Elixir and especially OTP. Since then I have worked on a charting library and a little toy Phoenix app that demonstrates that library.


It's really quite rather hard to categorize and I remember having a discussion about this interpretation a while back. Maybe PCchapman can come and elaborate as well.



As far as the intermediate, expert and max I just can't quite get my mind around it..... Currently I'm on a Sabre2 120 at 1.2 which is under the "Expert" category..... While on the other hand if I were to downsize to a Katana 107 I would therefore be under the "Advanced" category..



In no way would I say that a Katana 107 is more docile than my Sabre2 120 so it's just difficult to wrap my mind around it. But I'll try and find out where I remember reading the correct interpretation.



edit to add: I recently spoke to a PD rep at a boogie and they pretty much stated that to be able to jump a Katana you should have a minimum of 500 jumps and current regardless of wingloading and size.


Precisely. Which suggests that people with less than 200 jumps are probably best off jumping in the 'Novice' category - forgiving canopies and wingloadings. Sounds about right to me if you want to give safe advice to the masses.



Of course, you're never going to get anyone with just under 200 jumps to admit that. Far more likely will be people with that sort of experience making excuses why Intermediate or Advanced canopies are actually more appropriate for them...



You see, people like definition when it means they can reinforce their own opinions of themselves, but not when it conflicts with how they want to perceive themselves.



The 'Intermediate' category, from that report, reads to me like canopies and loadings that are suitable for people who are actively pursuing canopy training. They have the skills to consistently make good decisions and the experience to back this up. They're actively trying to improve their piloting and are trying to learn advanced techniques safely. Doesn't that sound like it's someone in the 200 - 400 jump range? It's difficult to see it being much less... Of course, those same people will be absolutely CONVINCED that the same skills make them 'Advanced' pilots and that flying wings in a lower category is insulting somehow.





Again, pinning jump numbers to the definitions is pretty pointless and arbitrary. It's really about dedication to learning a separate skill and being mature enough to ignore the hubris of thinking you're better than you are. That only comes from time spent in the sport; time spent flying, time spent learning, time spent trying to better yourself and time spent seeing other people make mistakes. Someone could make 1000 skydives and still not be as safe under a loaded Intermediate canopy as someone who has practised for a few hundred jumps.






I completely agree with you. But I do feel that it would be helpful of PD to provide clearer guidelines. Something similar to the downsizing checklist that Bill Von wrote.



We need to keep in mind that by the time the average jumper has 25 jumps they have gone from nothing to being able to self jumpmaster, a huge learning achievement by any standard. It is not difficult to see how they can believe at 50 or 100 jumps they have "mastered" canopy flight. Leaving vague definitions does nothing to highlight how little they actually know.


Based on PD's wing loading chart, I (40 jumps, no canopy course...yet) fall under the advanced category for my Spectre 190 with an exit weight of 210. It flies much faster and is more responsive than the 230s & 210s that I used as a student but I have yet (knock on boner) to have any problems with it.
