[openssl-users] Intermediate certificates
Serj
rasjv at yandex.com
Fri Jan 30 19:55:19 UTC 2015
29.01.2015, 20:18, "Dr. Stephen Henson" <steve at openssl.org>:
> On Tue, Jan 27, 2015, Serj wrote:
>> Ok. But is there any documentation how to set intermediate certificates for my SSL connections? Maybe I want to support these broken sites...
>
> You can add intermediate certificates to the trusted store: they'll then be
> used when it can no longer find suitable intermediates from the peer.
Ok. This is the decision I think.
Really, it makes no sense if we will add only intermediate cert for some site without it's self-signed root cert.
And so always if we will have another cert of some web-site which is signed with this intermediate cert, the last in the chain will be trusted self-signed root cert anyway.
So, no any problems with security in this case!
Thanks, Steve.
--
Best Regards,
Serj
More information about the openssl-users
mailing list