marius gabi wrote:
> Thank you for your prompt response. We already tried your solution
> and it seems to be working. The issue is as follows: I do not have
> (access to) the client's certificate (application not developed by
> me) in order to compose the chains you mentioned.

You do not need the client's certificate since that will always be sent by the client. If the client does NOT send his intermediate CA certificate(s), there is no way for the server to complete the client's certificate chain unless the client's intermediate CA certificate(s) are available locally to the server, i.e. in SslCaFile.

> Furthermore I
> expect that other clients that have the same ROOT as me (but possibly
> other intermediary CA and client certs) will connect to my server. I
> was wondering if there is a possibility to test the certificates at
> ROOT level and complete a communication and transaction.

That is only possible if the server is able to build a complete client certificate chain. Usually all CA certificates issued by a root CA are available for download as well. In your case the URL is http://sumo.irisa.fr/html/pki/ but their server currently fails with error "OpenCA Error: Server is not online or does not accept requests".

--
Arno Garrels
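The chain-building behaviour described in the reply above, as an added example that is not part of the original message: a throwaway root, intermediate and client certificate are created with the `openssl` command line, then the client certificate is verified with and without the intermediate available. All subject names, file names and the `issue` and `verify_*` helpers are constructed for this illustration.

```bash
# Constructed demo PKI: root CA -> intermediate CA -> client certificate.
D=$(mktemp -d)
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$D/ca.ext"
printf 'basicConstraints=CA:FALSE\n' > "$D/leaf.ext"

issue() {  # issue <name> <CN> <extension file> <signer name | self>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$D/$1.key" -out "$D/$1.csr" 2>/dev/null
  if [ "$4" = self ]; then
    openssl x509 -req -in "$D/$1.csr" -signkey "$D/$1.key" -days 2 \
      -extfile "$3" -out "$D/$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$D/$1.csr" -CA "$D/$4.pem" -CAkey "$D/$4.key" \
      -CAcreateserial -days 2 -extfile "$3" -out "$D/$1.pem" 2>/dev/null
  fi
}
issue root   "Demo Root CA"         "$D/ca.ext"   self
issue int    "Demo Intermediate CA" "$D/ca.ext"   root
issue client "demo-client"          "$D/leaf.ext" int

# Case 1: server trusts only the root, client sends only its own certificate.
verify_root_only() {
  openssl verify -CAfile "$D/root.pem" "$D/client.pem" >/dev/null 2>&1
}
# Case 2: the intermediate is available locally in the server's CA file.
verify_local_intermediate() {
  cat "$D/root.pem" "$D/int.pem" > "$D/cafile.pem"
  openssl verify -CAfile "$D/cafile.pem" "$D/client.pem" >/dev/null 2>&1
}
# Case 3: client sends the intermediate; it is untrusted input used only
# to build the path up to the trusted root.
verify_sent_intermediate() {
  openssl verify -CAfile "$D/root.pem" -untrusted "$D/int.pem" \
    "$D/client.pem" >/dev/null 2>&1
}

for t in verify_root_only verify_local_intermediate verify_sent_intermediate; do
  if "$t"; then echo "$t: chain complete"; else echo "$t: chain incomplete"; fi
done
```

Only the first case fails: with the root alone, the verifier cannot find the issuer of the client certificate, so other clients under the same root verify only when their intermediates reach the server by one of the other two routes.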