Hi all,

 

I wrote an OpenSSL server which uses a certificate created on the fly and
signs it with the private key of another, already created, self-signed
certificate file. I am adding them both to the ctx:

 

X509 *cert = X509_new();
.....
X509_set_pubkey(cert, base_pkey);
X509_sign(cert, base_pkey, EVP_sha1());
....
SSL_CTX_use_certificate(ctx, cert);              // cert = just created
SSL_CTX_add_extra_chain_cert(ctx, base_cert);    // base_cert = read from file

 

When I connect to this server from a browser while tracing client traffic
with Wireshark, I see both certificates being received in the Certificate
record, but if I want to see the certificates in the certification path of
the current page I only see 'cert', not both. I set the following fields as
shown in both certificates:

 

cert.subject.commonname = servername

cert.issuer.commonname = salih 

base_cert.subject.commonname = salih

base_cert.issuer.commonname = salih

 

What I want to do is add base_cert to the trusted certificate list of the
client and have any certificate signed with base_cert show up without any
certificate warnings. And I need the certificate chain tree to be parsed
correctly by the browser for this.

Am I missing something during the certificate creation process?

 

Client OS: Windows 7 64-bit, Internet Explorer

Server: Linux 64-bit

 

Thanks,
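
The two-certificate layout described in the post, rebuilt with the openssl command line as an added example (not code from the original post): a self-signed CA named salih, a leaf named servername, and checks on how the two are linked. The file names, the helper names make_chain and check_chain, the separate leaf key pair, the extensions and SHA-256 (the post uses EVP_sha1()) are assumptions of this example.

```shell
#!/bin/sh
# Added example with constructed names; requires the openssl CLI.

# make_chain DIR: create a self-signed CA "salih" (CA:TRUE) and a leaf
# "servername" that has its own key pair and is signed with the CA key.
make_chain() {
    d=$1
    cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = salih
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:servername\n' > "$d/leaf.ext"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 30 -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -config "$d/ca.cnf" -subj "/CN=servername" -sha256 \
        -newkey rsa:2048 -nodes -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -sha256 -days 30 -extfile "$d/leaf.ext" \
        -out "$d/leaf.pem" 2>/dev/null
}

# check_chain DIR: succeed only if the leaf's issuer name equals the CA's
# subject name, the leaf does not carry the CA's public key (so the CA signing
# key is not also the TLS server key), and the leaf verifies against the CA.
check_chain() {
    d=$1
    iss=$(openssl x509 -in "$d/leaf.pem" -noout -issuer | sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$d/ca.pem" -noout -subject | sed 's/^subject= *//')
    [ "$iss" = "$sub" ] || { echo "issuer/subject mismatch"; return 1; }
    lk=$(openssl x509 -in "$d/leaf.pem" -noout -pubkey)
    ck=$(openssl x509 -in "$d/ca.pem" -noout -pubkey)
    [ "$lk" != "$ck" ] || { echo "leaf reuses the CA public key"; return 1; }
    openssl verify -CAfile "$d/ca.pem" "$d/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

# Demo: build a throwaway chain and report the result.
demo_dir=$(mktemp -d) && make_chain "$demo_dir" && check_chain "$demo_dir" && echo "chain OK"
rm -rf "$demo_dir"
```

The same three checks can be run against certificates exported from a capture by saving them as ca.pem and leaf.pem in one directory and calling check_chain on it.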

 
