Home > mailing lists

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Trust intermediate CA for client certificates
Date	December 3, 2013 00:26:27
Msg-id	26664.1386019570@sss.pgh.pa.us Whole thread Raw
In response to	Re: Trust intermediate CA for client certificates (Ian Pilcher <arequipeno@gmail.com>)
List	pgsql-hackers

Tree view

Ian Pilcher <arequipeno@gmail.com> writes:
> BTW, you can't just "list the certs of the intermediate CAs you do
> trust"; you have to put the root CA certificate into root.crt in order
> for OpenSSL to build a complete chain,

I believe you are mistaken.  OpenSSL just wants a chain to one of the
certs you've told it to trust.

But in any case, Stephen is right that intermediate certs aren't meant
to be used in the way you want.  They're just a mechanism for a CA to
use for its own purposes.
        regards, tom lane

pgsql-hackers by date:

From: Bruce Momjian
Date: 03 December 2013, 00:25:37
Subject: Re: Trust intermediate CA for client certificates

From: Peter Eisentraut
Date: 03 December 2013, 00:30:12
Subject: note to reviewers: reply to the original email

Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

Previous

Next