On Sat, Apr 27, 2013 at 5:23 PM, Brian Carlstrom <[email protected]> wrote: > It's not working because the server is not configured to include the > intermediate CA "InnoSSL TrustSign DV Certification Authority" > > $ openssl s_client -connect scert.shinhan.com:443" > --- > Certificate chain > 0 s:/OU=Domain Control Validated/OU=Hosted by Dotname Korea > Corp./OU=PositiveSSL Wildcard/CN=*.shinhan.com > i:/C=KR/O=Dotname Korea Corp./CN=InnoSSL TrustSign DV Certification > Authority > --- > $ To expand on BC's answer, it is the server's responsibility to provide all certificates needed to forma a valid chain. This is due to the "which directory" problem experienced at the client.
https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Always_Provide_All_Needed_Certificates Jeff -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/android-security-discuss?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
