[openssl-users] Intermediate certificates

Serj rasjv at yandex.com
Fri Jan 30 19:55:19 UTC 2015

29.01.2015, 20:18, "Dr. Stephen Henson" <steve at openssl.org>:
> On Tue, Jan 27, 2015, Serj wrote:
>>  Ok. But is there any documentation how to set intermediate certificates for my SSL connections? Maybe I want to support these broken sites...
> You can add intermediate certificates to the trusted store: they'll then be
> used when it can no longer find suitable intermediates from the peer.

Ok. This is the decision I think.
Really, it makes no sense if we will add only intermediate cert for some site without it's self-signed root cert.
And so always if we will have another cert of some web-site which is signed with this intermediate cert, the last in the chain will be trusted self-signed root cert  anyway.

So, no any problems with security in this case!

Thanks, Steve.

Best Regards,


More information about the openssl-users mailing list