mutual-TLS / mTLS Example with certificate problem

Kyle Hamilton aerowolf at
Thu May 7 16:48:18 UTC 2020

On a tangent, this file format (and order) was actually finally
standardized as "application/pem-certificate-chain" by RFC 8555
section 9.1 (the Automatic Certificate Management Environment
protocol, or ACME).

On Wed, May 6, 2020 at 2:59 PM Michael Wojcik
<Michael.Wojcik at> wrote:
> Get rid of the call to use_certificate_file and put everything the server should be sending into the chain file, in the order described in the OpenSSL documentation: entity certificate, certificate for its issuer, and so on up to and including the root. (I've just noticed the docs don't say whether use_certificate_chain_file specifies SSL_BUILD_CHAIN_FLAG_NO_ROOT when it calls add1_chain_cert, so offhand I don't know whether this will cause the root to be included in the chain the server sends. But that shouldn't really matter.)
