Re: OpenSSL handling intermediate certificates

2012-08-08 Thread Justin N. Lindberg
On Thu, 9 Aug 2012 11:33:48 +1000 David Gwynne wrote:
> i believe as an ssl client you can add intermediate certs
> to /etc/ssl/cert.pem and they'll be used to validate the endpoint.

I do believe this would allow me as a client to validate certs signed by the intermediate certs with no problem,

Re: OpenSSL handling intermediate certificates

2012-08-08 Thread David Gwynne
i believe as an ssl client you can add intermediate certs to /etc/ssl/cert.pem and they'll be used to validate the endpoint. if you're an ssl server and your program doesn't let you specify a chain, you can just cat them on the end of the crt. eg, i do something like the following when configuring

OpenSSL handling intermediate certificates

2012-08-07 Thread Justin N. Lindberg
I suppose my question boils down to "How can I validate certificates from SSL servers that fail to send intermediate certificates?" There seem to be quite a few such servers out there, including some I have little choice but to use, and OpenSSL apparently doesn't like to validate a certificate if