Hi Jeffrey,
Thanks for your response.
So, is it a standard that the SSL enabled 'server app send the certificate
chain, or just something that the app 'should' do?
How can I test what certificates the server is actually sending back? I
know that uw-imapd doesn't send the whole chain, and that
On Wed, Jan 12, 2005, Jason Keltz wrote:
Hi Jeffrey,
Thanks for your response.
So, is it a standard that the SSL enabled 'server app send the certificate
chain, or just something that the app 'should' do?
Its part of the standard. OpenSSL doesn't currently enforce this but it may do
at
Hi.
I have a question with respect to SSL protocol. Is it part of the
protocol that the SSL server send to the client the public keys for the
CAs making up the certificate chain? or is it acceptable to send just the
server public key and expect the client to complete the chain on its own?
I can
The server should send all of the certs which make up the chain but
not the root cert. If the root certs is sent, the client must ignore
it for purposes of validation of the chain.
Microsoft used to distribute Intermediate certs as part of Windows
and this resulted in the expectation that clients