On 10/08/14 14:35, Igor Cicimov wrote:
On Wed, Oct 8, 2014 at 6:05 PM, dE <de.tec...@gmail.com
<mailto:de.tec...@gmail.com>> wrote:
On 10/08/14 10:19, Igor Cicimov wrote:
You can find more about openssl tool set here:
https://www.openssl.org/docs/apps/s_client.html, its perfect
for ssl troubleshooting.
By the way, did you import the CA_chain.pem in the browsers?
I thought browser only needs to have the self signed root CA. If I
have intermediate.pem installed, then of course things go as
expected; but this should be a certificate chain as provided by
Apache.
Apache does provide the certificate chain to the client/browser but
the client/browser needs something to compare it against otherwise how
is it going to know to trust it or not?
issuer.pem is installed in the browser. It's provided by the root CA.
Apache should (and it does) send both intermediate.pem and server.pem so
the client can link to the chain.
