[openssl-users] (SPAM) Retrieving Root CA certificate using "openssl s_client -showcerts" command
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Nov 8 19:04:44 UTC 2016
> On Nov 8, 2016, at 4:26 AM, Erwann Abalea <Erwann.Abalea at docusign.com> wrote:
>
> The root certificate is not expected to be sent by the server, as it already needs to be known and trusted by the client.
> However, you’re free to configure your server to send it, for debugging or informational purposes.
A root CA certificate MUST be sent when the server's DANE-TA(2)
TLSA record designates that root as a trust-anchor.
https://tools.ietf.org/html/rfc7671#section-5.2
--
Viktor.
More information about the openssl-users
mailing list