Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-21 Thread Lionel Elie Mamane
On Thu, Apr 21, 2016 at 09:58:19AM +0200, Jan Just Keijser wrote: > On 20/04/16 18:01, Lionel Elie Mamane wrote: >> [...] >> the "proper" way to do this is to use >> - do a full CA+sub CA check on the server side (i.e. stack ca.crt + >> subca.crt into a single file and use it as "ca ..." ) >> - a

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-21 Thread Jan Just Keijser
Hi, On 20/04/16 18:01, Lionel Elie Mamane wrote: > [...] > the "proper" way to do this is to use > - do a full CA+sub CA check on the server side (i.e. stack ca.crt + > subca.crt into a single file and use it as "ca ..." ) > - add a "tls-verify" script to ensure that the certificate chain always

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Simon Deziel
On 2016-04-20 12:14 PM, Jan Just Keijser wrote: > On 20/04/16 18:02, Simon Deziel wrote: >> On 2016-04-20 11:53 AM, Jan Just Keijser wrote: >>> Hi, >>> >>> On 19/04/16 16:12, Lionel Elie Mamane wrote: On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: > I'm fairly certain you

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Jan Just Keijser
On 20/04/16 18:02, Simon Deziel wrote: > On 2016-04-20 11:53 AM, Jan Just Keijser wrote: >> Hi, >> >> On 19/04/16 16:12, Lionel Elie Mamane wrote: >>> On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: >>> I'm fairly certain you need the full cert path, including root and any int

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Lionel Elie Mamane
On Wed, Apr 20, 2016 at 12:02:22PM -0400, Simon Deziel wrote: > On 2016-04-20 11:53 AM, Jan Just Keijser wrote: >> On 19/04/16 16:12, Lionel Elie Mamane wrote: >>> On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: On 2016-04-19 1:41 AM, Lionel Elie Mamane wrote: > I run my own

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Lionel Elie Mamane
On Wed, Apr 20, 2016 at 05:53:18PM +0200, Jan Just Keijser wrote: > On 19/04/16 16:12, Lionel Elie Mamane wrote: >> On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: >>> On 2016-04-19 1:41 AM, Lionel Elie Mamane wrote: I run my own private CA with a structure like: rootCA --

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Simon Deziel
On 2016-04-20 11:53 AM, Jan Just Keijser wrote: > Hi, > > On 19/04/16 16:12, Lionel Elie Mamane wrote: >> On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: >> >>> I'm fairly certain you need the full cert path, including root and >>> any intermediate certs. >>> To not require this would

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-20 Thread Jan Just Keijser
Hi, On 19/04/16 16:12, Lionel Elie Mamane wrote: > On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: > >> I'm fairly certain you need the full cert path, including root and >> any intermediate certs. >> To not require this would question the whole point of the cert's. >> I don't, to be f

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-19 Thread Lionel Elie Mamane
On Tue, Apr 19, 2016 at 06:46:27AM -0400, Colin Ryan wrote: > I'm fairly certain you need the full cert path, including root and > any intermediate certs. > To not require this would question the whole point of the cert's. > I don't, to be frank, understand why you want to not have the rootCA >

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-19 Thread George Ross
> I run my own private CA with a structure like: > > rootCA vpnSubCA > || vpnCertificate1 > | | vpnCertificate2 > | | vpnCertificate3 > | > | otherCertificate1 > | otherCertificate2 > | otherCertificate3 > |

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-19 Thread Lionel Elie Mamane
On Tue, Apr 19, 2016 at 02:07:23PM +0100, George Ross wrote: >> I run my own private CA with a structure like: >> >> rootCA vpnSubCA >> || vpnCertificate1 >> || vpnCertificate2 >> || vpnCertificate3 >> | >> | otherCerti

Re: [Openvpn-users] Using a subCA without trusting the root

2016-04-19 Thread Colin Ryan
I'm fairly certain you need the full cert path, including root and any intermediate certs. To not require this would question the whole point of the certs. I don't, to be frank, understand why you want to not have the rootCA included. The server - correct me if I'm wrong - would only need the

[Openvpn-users] Using a subCA without trusting the root

2016-04-18 Thread Lionel Elie Mamane
Hi, I run my own private CA with a structure like: rootCA vpnSubCA || vpnCertificate1 || vpnCertificate2 || vpnCertificate3 | | otherCertificate1 | otherCertificate2 | otherCertificate3 | otherCertif