[guest - Fri Nov 17 05:24:37 2006]: > If a CA uses intermediary certs that are not distributed in all > truststores such as quovadis with mozilla's trust store. Servers do not > only transmit leaf certificates, but also intermediary ones. > > http://httpd.apache.org/docs/2.1/mod/mod_ssl.html#sslcertificatechainfile > > So, with > openssl s_client -connect smtp.privasphere.com:25 -debug -starttls smtp > > I do see that more than cert is sent: > Certificate chain > 0 s:/C=CH/ST=ZH/L=Zuerich/O=PrivaSphere AG/OU=Secure > Messaging/CN=smtp.privasphere.com > i:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate > Authority/CN=QV Schweiz ICA > 1 s:/C=CH/O=QuoVadis Trustlink Schweiz AG/OU=Issuing Certificate > Authority/CN=QV Schweiz ICA > i:/C=BM/O=QuoVadis Limited/OU=Root Certification > Authority/CN=QuoVadis Root Certification Authority > > but even with the debug option, only the leaf certificate is shown while > I would like also see the others in the chain
The documented -showcerts option does that. Steve. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
