NTS: removed "not implemented" on server ca

Achim Gratz Stromeko at nexgo.de
Wed Apr 3 18:23:37 UTC 2019


Gary E. Miller via devel writes:
>> I think openssl is expecting the root cert.

OpenSSL expects a PKI directory (in which each cert has to have a
certain filename so it doesn't have to read all files each time) or a
bundle file with all the certs concatenated.

> And in the case of ostfalia, I only could get their root cert becuase I
> was talking to the guy.  Much more common case is I just have the end
> cert.

If you can't get the root cert, you cannot validate anything that has
this root as the trust anchor.  A root cert is nothing but a normal cert
that is signed by the same public key that it certifies (plus some
metadata around it).  It's a "root" cert because there is no further way
of verifying it.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for KORG EX-800 and Poly-800MkII V0.9:
http://Synth.Stromeko.net/Downloads.html#KorgSDada



More information about the devel mailing list