I'm running Debian
and have certbot
for creating Let's Encrypt
certificate.
I act as client towards a TLS server, and needs to handover my client certificate for approval.
I've got the following files generated by certbot
:
/etc/letsencrypt/live/my-client-server-domain/privkey.pem
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem
/etc/letsencrypt/live/my-client-server-domain/chain.pem
Which certificate should I handover, and is it safe to share public?
Best Answer
You need to keep
/etc/letsencrypt/live/my-client-server-domain/privkey.pem
private as it contains the private key for your certificate.You can hand out one ofthese two files:
You might want to share the
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem
as it contains intemediate certificates if those were used by Let's Encrypt. The recipient can extract your certificate from it in case it is needed.