On Friday, 9 October 2020 20:15:06 UTC+1, Yashar Vasegh wrote:
>
> Yes, it works, thank you. I still do not understand why the root CA causes a 
> problem here, but I was expecting that for "Client side TLS AUTH" I need to add a CA.
>

No: it's symmetrical.

* A server has a *server private key* and a *server certificate*.  The 
other side (the client) uses the *CA public key* of the CA which signed the 
server certificate, to verify it.

* A client has a *client private key* and a *client certificate*.  The 
other side (the server) uses the *CA public key* of the CA which signed the 
client certificate, to verify it.

Therefore, the only CA key that the client needs is the one which signed 
the server certificate.  If the server certificate was signed by a 
well-known root CA (i.e. one which is already in the client's default set 
of trusted root CAs) then no CA configuration is required at all on the 
client side.
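
The trust direction described above, as an added Go example that is not part of the original message: it builds two throwaway CAs and runs the same `crypto/x509` chain verification that `crypto/tls` applies to a peer certificate. The helper names (`issue`, `verifyBothDirections`) and the certificate names are assumptions made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a throwaway certificate for cn (constructed test data);
// ca == nil yields a self-signed root CA, otherwise ca signs the new certificate.
func issue(cn string, ca *tls.Certificate) *tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, IsCA: ca == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour)}
	if ca == nil {
		ca = &tls.Certificate{Leaf: t, PrivateKey: key}
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca.Leaf, &key.PublicKey, ca.PrivateKey)
	leaf, _ := x509.ParseCertificate(der)
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// verifyBothDirections checks each side's certificate against the other side's CA pool,
// then repeats the client's check with the wrong CA loaded.
func verifyBothDirections() (serverOK, clientOK, swapped error) {
	serverCA, clientCA := issue("server-ca", nil), issue("client-ca", nil)
	server, client := issue("localhost", serverCA), issue("client-1", clientCA)
	clientTrust, serverTrust := x509.NewCertPool(), x509.NewCertPool()
	clientTrust.AddCert(serverCA.Leaf) // what the client puts in tls.Config.RootCAs
	serverTrust.AddCert(clientCA.Leaf) // what the server puts in tls.Config.ClientCAs
	clientAuth := []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	// Client verifies the server certificate: only the server's CA is needed.
	_, serverOK = server.Leaf.Verify(x509.VerifyOptions{Roots: clientTrust, DNSName: "localhost"})
	// Server verifies the client certificate: only the client's CA is needed.
	_, clientOK = client.Leaf.Verify(x509.VerifyOptions{Roots: serverTrust, KeyUsages: clientAuth})
	// Client that loaded the CA which signed its own certificate instead: the server check fails.
	_, swapped = server.Leaf.Verify(x509.VerifyOptions{Roots: serverTrust, DNSName: "localhost"})
	return
}

func main() { fmt.Println(verifyBothDirections()) }
```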
