marius gabi wrote:
> Thank you for your prompt response. We already tried your solution
> and seems to be working. The issue is as follows: I do not have
> (access to) the client's certificate (application not developed by
> me) in order to compose the chains you mentioned. 

You do not need client's certificate since that will be sent
by the client always. If the client does NOT sent his intermediate 
CA certificate(s) there is no way for the server to complete 
client's certificate chain except client's intermediate 
CA certificate(s) are available locally to the server i.e.
in SslCaFile.    

> Furthermore I
> aspect that other clients that have the same ROOT as me (but possibly
> other intermediary CA and client certs) will connect to my server. I
> was wondering if there is a possibility to test the certificates at
> ROOT level and complete a communication and transaction.

That is only possible if the server is able to build a complete
client certificate chain. Usually all CA certificates issued by a root
CA are available for download as well. In your case the URL is but their server currently fails
with error "OpenCA Error: Server is not online or does not accept requests".

Arno Garrels
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to