No, you must have a chain up to a local trust anchor. You can install the intermediate in your trust store.
-- Senior Architect, Akamai Technologies Member, OpenSSL Dev Team IM: richs...@jabber.at Twitter: RichSalz From: Lei Kong [mailto:leik...@msn.com] Sent: Thursday, April 20, 2017 9:38 PM To: openssl-users@openssl.org Subject: [openssl-users] Certificate chain validation When validating a certificate issued by an intermediate certificate authority, I noticed that I need to install both the root and the intermediate CA certificate locally (with update-ca-certificates on ubuntu 16.04). Verification fails if only root CA cert is installed (intermediate is not installed), is this expected behavior? Why do I need to install intermediate CA cert locally? Locally installed root CA cert is not enough to validate intermediate CA cert? Is it possible to make chain validation work with only root CA cert installed locally? Thanks.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
