On 03/04/2016 03:26 PM, Jan Just Keijser wrote:
> Hi,
>
> On 03/03/16 22:04, ValdikSS wrote:
> it's possible to send a stacked CA certificate (i.e. server certificate
> and intermediate CA cert) from server to the client. We use this in
> production, and it is done by simply stacking (cat'ing) the server cert
> and intermediary CA cert file into a single pem file. The intermediary
> CA is verified using the client-side ca.crt file and the server cert is
> signed by the intermediary CA.
> I'm not sure what would happen if you stick two CA certs into the file,
> however.
> If this does not work: when looking thru the openssl s_server code I see
> a -dcert option which does something similar - looks like it would be
> trivial to add to OpenVPN.

This option is for supplying an additional server certificate with a key file (i.e. if you want to use RSA and ECDSA keys), not for chains. Actually, openssl's s_server doesn't support pushing chains either.

> JM2CW,
>
> JJK
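The stacking described in the quoted message, as an added example that is not part of the original thread: it builds a throwaway root CA, intermediate CA and server certificate with the `openssl` CLI, cats the server and intermediate certificates into one PEM file, and checks that a client holding only `ca.crt` can verify the result. All subject names and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: every subject name and file name here is made up.
set -eu

# issue NAME SUBJECT SIGNER [EXTFILE]: create a key and CSR, then sign with
# SIGNER's key (SIGNER equal to NAME yields a self-signed certificate).
issue() {
    local name=$1 subj=$2 signer=$3 ext=${4:-}
    openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
        -out "$name.csr" -subj "$subj" 2>/dev/null || return 1
    local sign=(-CA "$signer.crt" -CAkey "$signer.key" -CAcreateserial)
    if [ "$signer" = "$name" ]; then sign=(-signkey "$name.key"); fi
    openssl x509 -req -in "$name.csr" "${sign[@]}" ${ext:+-extfile "$ext"} \
        -days 1 -out "$name.crt" 2>/dev/null
}

# Build root -> intermediate -> server in directory $1, then stack the server
# certificate and the intermediate into one PEM file, leaf first.
make_chain() {
    ( cd "$1" &&
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
      issue ca     "/CN=Demo Root CA"         ca  ca.ext &&
      issue int    "/CN=Demo Intermediate CA" ca  ca.ext &&
      issue server "/CN=vpn.example.test"     int &&
      cat server.crt int.crt > server-chain.pem )
}

# The client trusts only ca.crt. openssl verify checks the first certificate
# in the target file; -untrusted offers every certificate in the stacked file
# as a chain-building candidate, as if the server had sent them.
verify_stacked() {
    openssl verify -CAfile "$1/ca.crt" -untrusted "$1/server-chain.pem" \
        "$1/server-chain.pem" >/dev/null 2>&1
}

# Same client, but the server presents the bare leaf with no intermediate.
verify_leaf_only() {
    openssl verify -CAfile "$1/ca.crt" "$1/server.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
verify_leaf_only "$demo_dir" && echo "leaf alone:   OK" \
    || echo "leaf alone:   FAIL (issuer not known to the client)"
verify_stacked "$demo_dir" && echo "stacked file: OK" \
    || echo "stacked file: FAIL"
```

The bare leaf fails because the client has no way to reach the root from it; the stacked file succeeds because the intermediate arrives with the leaf and is itself checked against `ca.crt`.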