devel@ntpsec.org said:
> Partial validation means you don't follow the cert chain to the root. In the
> off-net scenario, it means you stop following the chain when you'd have to go
> outside the network perimeter you're in.
...
> https://www.owasp.org/index.php/Certificate_and_Public_Key_Pinning

Thanks, but I'm missing something critical.

I thought most systems came with a collection of trusted/root certificates. What do I have to go outside-the-network to get?

I'm not a certificate wizard. I'm debugging with self-signed certificates. I'm using root, intermediate, and server certificates. As far as I can tell, there is no good reason for the intermediate certificate if you are small or just testing. It was in the cookbook I was following and I got past here before I figured out that I didn't need it.

I tell the NTS-KE server to use a certificate file that contains both the server certificate and the intermediate certificate. I assume the server sends both to the NTS-KE client. I told the NTS-KE client to use/trust the root certificate. It works.

--
These are my opinions. I hate spam.
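
The setup described in the message above (server presents its certificate plus the intermediate, client trusts only the root), reproduced with the `openssl` command line as an added example that is not part of the original message. All subjects, file names and the host name `nts.example.test` are constructed for the demo; the last function uses OpenSSL's `-partial_chain` option as one way of accepting a chain that stops before the root.

```shell
# Constructed demo PKI: every subject, host name and file name here is made up.

# issue NAME SUBJECT EXTFILE [SIGNER]  ->  $PKI/NAME.key and $PKI/NAME.pem
# With no SIGNER the certificate is self-signed (the root).
issue() {
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$PKI/$1.key" -out "$PKI/$1.csr" 2>/dev/null || return 1
    if [ -n "$4" ]; then
        openssl x509 -req -in "$PKI/$1.csr" -days 2 -extfile "$PKI/$3" \
            -CA "$PKI/$4.pem" -CAkey "$PKI/$4.key" -set_serial 2 \
            -out "$PKI/$1.pem" 2>/dev/null
    else
        openssl x509 -req -in "$PKI/$1.csr" -days 2 -extfile "$PKI/$3" \
            -signkey "$PKI/$1.key" -out "$PKI/$1.pem" 2>/dev/null
    fi
}

build_pki() {
    PKI=$(mktemp -d) || return 1
    # Root and intermediate must carry CA:TRUE or chain building rejects them.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$PKI/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:nts.example.test\n' > "$PKI/leaf.ext"
    # server-chain.pem is the file handed to the server: leaf, then intermediate.
    issue root '/CN=Demo Root' ca.ext &&
    issue inter '/CN=Demo Intermediate' ca.ext root &&
    issue server '/CN=nts.example.test' leaf.ext inter &&
    cat "$PKI/server.pem" "$PKI/inter.pem" > "$PKI/server-chain.pem"
}

# Client trusts only the root. The intermediate comes from the peer, so it is
# supplied as -untrusted: usable for path building, never as a trust anchor.
verify_with_root() {            # $1 = sent | missing  (the intermediate)
    untrusted=; [ "$1" = sent ] && untrusted="-untrusted $PKI/inter.pem"
    openssl verify -CAfile "$PKI/root.pem" $untrusted "$PKI/server.pem" >/dev/null 2>&1
}

# Client trusts only the intermediate: the chain stops before the root, which
# OpenSSL accepts only when -partial_chain is given.
verify_from_intermediate() {    # $1 = partial | strict
    flag=; [ "$1" = partial ] && flag=-partial_chain
    openssl verify $flag -CAfile "$PKI/inter.pem" "$PKI/server.pem" >/dev/null 2>&1
}

build_pki || exit 1
verify_with_root sent            && echo "trust root, intermediate sent:      OK"
verify_with_root missing         || echo "trust root, intermediate missing:   rejected"
verify_from_intermediate partial && echo "trust intermediate, -partial_chain: OK"
verify_from_intermediate strict  || echo "trust intermediate, no flag:        rejected"
```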