The responder isn’t supposed to be self-signed.  It’s supposed to be signed by 
the CA issuing the certs.  That way you know that the CA “trusts” the responder.

Now, having said that, what you want to do is reasonable – think of it as “out 
of band” trust.  You will probably have to modify the source to support it, 
however.

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to