[openssl-users] Intermediate certificates

Serj rasjv at yandex.com
Tue Jan 27 19:21:01 UTC 2015


Some web-sites don't send all intermediate certs during "SSL Handshake". For example, www.verisign.com sends only server's cert but doesn't send next intermediate cert:

s:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa (c)06/CN=VeriSign Class 3 Extended Validation SSL SGC CA 
i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5

So, I need to set a list of intermediate certs for my SSL connections. How to do this?

With SSL_CTX_load_verify_locations() I can set only trusted root certs, but not intermediate certs.

Best Regards,


More information about the openssl-users mailing list