On Fri, 21 May 2021 06:02:10 +0000 Bonno Bloksma <b.blok...@tio.nl> wrote:
> Hi Celejar, > > >>> Although everything works properly for actual (human) users, a > >>> coworker has informed me that some of his automated tests are > >>> failing with invalid https certificate errors. I checked and, sure > >>> enough, it's not just his tests: > > > To elaborate on / add to this: there's also something called Authority > > Information Access (AIA), which allows the client to locate a missing > > intermediate certificate on its own: > > https://www.thesslstore.com/blog/aia-fetching/ > > Thanks for answering this post as full as you did. I did not know about > AIA fetching and it now solves something I had noticed before but never > found out why. > Now I know. :-) Hey, I had never heard of it either - I was just intrigued by the puzzle the OP presented, so I dug around a bit ;) > I understand finding the balance between a proper configured (web) > server and trying to make users don't have problems with misconfigured > servers. The same discussion has been going on with what a mail > server/client should accept and try to interpret when the sender does > not follow the proper rules. > > Met vriendelijke groet, > Bonno Bloksma > senior systeembeheerder Celejar