Hi Celejar, >>> Although everything works properly for actual (human) users, a >>> coworker has informed me that some of his automated tests are >>> failing with invalid https certificate errors. I checked and, sure >>> enough, it's not just his tests:
> To elaborate on / add to this: there's also something called Authority > Information Access (AIA), which allows the client to locate a missing > intermediate certificate on its own: > https://www.thesslstore.com/blog/aia-fetching/ Thanks for answering this post as full as you did. I did not know about AIA fetching and it now solves something I had noticed before but never found out why. Now I know. :-) I understand finding the balance between a proper configured (web) server and trying to make users don't have problems with misconfigured servers. The same discussion has been going on with what a mail server/client should accept and try to interpret when the sender does not follow the proper rules. Met vriendelijke groet, Bonno Bloksma senior systeembeheerder
