No (with qualifications). If the server sends you the entire
certificate chain, then yes you can retrieve the root certificate
since it was sent to you.
If the server only sends you it's certificate, then all you have is
the server's pubic key digitally signed by the issuer. The issuer's
Hi,
I was wondering if it's possible to derive (or extract?) the root CA's
cert from an given SSL cert using openssl.
What I mean by root CA's cert is the certficate that would be
installed in a browsers list of trusted CAs.
For instance if I have an SSL certificate signed by verisign, I
