Re: Trust intermediate CA for client certificates - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Trust intermediate CA for client certificates
Date
Msg-id 26664.1386019570@sss.pgh.pa.us
In response to Re: Trust intermediate CA for client certificates  (Ian Pilcher <arequipeno@gmail.com>)
List pgsql-hackers
Ian Pilcher <arequipeno@gmail.com> writes:
> BTW, you can't just "list the certs of the intermediate CAs you do
> trust"; you have to put the root CA certificate into root.crt in order
> for OpenSSL to build a complete chain,

I believe you are mistaken.  OpenSSL just wants a chain to one of the
certs you've told it to trust.

But in any case, Stephen is right that intermediate certs aren't meant
to be used in the way you want.  They're just a mechanism for a CA to
use for its own purposes.
        regards, tom lane


