[openssl-users] Certificate chain validation

Lei Kong leikong at msn.com
Fri Apr 21 01:37:39 UTC 2017


When validating a certificate issued by an intermediate certificate authority, I noticed that I need to install both the root and the intermediate CA certificate locally (with update-ca-certificates on ubuntu 16.04). Verification fails if only root CA cert is installed (intermediate is not installed), is this expected behavior? Why do I need to install intermediate CA cert locally? Locally installed root CA cert is not enough to validate intermediate CA cert?

Is it possible to make chain validation work with only root CA cert installed locally?

Thanks.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170421/7ec34523/attachment.html>


More information about the openssl-users mailing list