On Thu, Feb 11, 2016 at 09:58:17PM -0600, Endi Sukma Dewata wrote: > On 1/12/2016 7:37 PM, Fraser Tweedale wrote: > >The attached patch fixes certificate import in Chrome. > >https://fedorahosted.org/pki/ticket/1245#comment:5 > > > >Thanks, > >Fraser > > If I understand it correctly, the importCAChain=false means that the server > will return only the leaf certificate in DER format instead of the entire > certificate chain in PKCS #7 format. Does this mean the certificate chain > will have to be imported separately, and how? > That is correct. Chrome apparently does not support chain import (only a single cert can be imported). Requires more investigation as to how to import intermediaries. I might file a separate ticket for that, or OTOH I can withdraw this patch until a "proper" fix can be found (if there is one).
Cheers, Fraser _______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
