I am curious as to the difference between loading a validating a server certificate such as found on https://innovation01.acs-ops.com using the "openssl s_client" command and using a web browser. They result in different certificate chains, diverging at the "VeriSign Class 3 Public Primary Certification Authority - G5" level. My web browser seems to find this cert to be self signed, where as openssl finds it to be an intermediate certificate signed by Verisign. This is true for the both versions of openssl I have tested (0.9.8 and 1.0.1c).
What mechanism is causing the divergence? The chain that Windows recognizes would seem to suggest that I can supply those certificates as trusted and validation should succeed, but if a different chain is generated via openssl this is invalid. It is causing problems in how organizations can find what certificates they need to add as trusted. Thanks, Walter Mihalenko ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
