Thanks for the response.. >>You have to get the IC to the client somehow. The usual method is to have the server send it. Does the server software provide a way to supply a certificate chain?
What do you mean by server sending it? is it on TLS negotiation? What do you mean by certificate chain? is it rootCA and IntermediateCA combined in a pem file?. Thanks Jijo On Thu, Jan 13, 2011 at 9:39 AM, David Schwartz <dav...@webmaster.com>wrote: > On 1/12/2011 3:19 PM, Jijo wrote: > >> Hi All, >> >> I hope this a basic question for you guys.. >> >> I'm trying to setup TLS connection between Client and Server. >> >> In the server i did following things, >> 1. Created a selfsigned rootCA >> 2. Created IntermediateCA and signed with rootCA. >> 3. Create a Server Certificate and signed with intermediateCA. >> 4. Appened the rootCA also to the server Certficate. >> >> >> In the Client. >> 1. Create a Server Certificate and signed with rootCA. >> 2. Stored CA as rootCA >> >> Now i made a TLS connection from Client to Server and the client returns >> an error:20 "Unable to get Local Issuer Certficate". >> > > If the client doesn't have the intermediate certificate, how can it know > the server's certificate is valid? > > > I don't see this error if i use intermediateCA as CA in Client !!!! >> >> Am i supposed to use intermediateCA as CA in Client? >> > > You have to get the IC to the client somehow. The usual method is to have > the server send it. Does the server software provide a way to supply a > certificate chain? > > DS > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >