9 Jan
2012
9 Jan
'12
3:13 p.m.
Hi,
My question is, what is the value of adding the roots/intermediates to the certificate file i.e certificate_file = ${certdir}/certificate.crt? Does it really allow a client without the Root already installed to verify this certificate?
for a client to validate a cert, it needs to already know and trust the CA for that cert - otherwise one half of the trust relationship is gone. IF you need to use an intermediate as well as the server cert, then by sending it down the link to the client, you can ensure the client will be happy with the server cert (so long as they trust the CA) if they havent already got the intermediate. alan