Benjamin Davis said the following on 07/24/2012 11:22 AM:
Theoretically, just getting the Verisign root cert should do the
trick. I've never tried that before, but basically, the main cert says
it is signed by the intermediate cert which is signed by the Verisign
root. As long as the Verisign root is in your keystore, it should work
because then you trust that one and everything else is connected...
Hmm... Ideas....
In my situation (SSL for a LDAP connect), we needed the intermediate CA
cert too even though the root cert was trusted. In theory, you're
completely right Ben -- it "should" work. However, for us -- it didn't
work in our circumstance.
To eliminate any cert chain issues, I'd import all the certs in the
chain just to safe.
--
Peter J. Farrell
OpenBD Steering Committee / Mach-II Lead Developer
[email protected]
[email protected]
http://blog.maestropublishing.com
Identi.ca / Twitter: @maestrofjp
--
online documentation: http://openbd.org/manual/
http://groups.google.com/group/openbd?hl=en
