Re: [openssl-users] (SPAM) Retrieving Root CA certificate using "openssl s_client -showcerts" command
> On Nov 8, 2016, at 4:26 AM, Erwann Abalea wrote: > > The root certificate is not expected to be sent by the server, as it already > needs to be known and trusted by the client. > However, you’re free to configure your server to send it, for debugging or > informational purposes. A root CA certificate MUST be sent when the server's DANE-TA(2) TLSA record designates that root as a trust-anchor. https://tools.ietf.org/html/rfc7671#section-5.2 -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] (SPAM) Retrieving Root CA certificate using "openssl s_client -showcerts" command
Bonjour, The root certificate is not expected to be sent by the server, as it already needs to be known and trusted by the client. However, you’re free to configure your server to send it, for debugging or informational purposes. Cordialement, Erwann Abalea Le 8 nov. 2016 à 03:36, Mofassir Ul Haque mailto:mofassir_ha...@yahoo.com>> a écrit : Hi All, The output of "openssl s_client -showcerts -connect ..." command dose not include Root certificate (which is expected behaviour). However, is it possible to configure Server to return Root CA certificate also ? Thanks, -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users