[ssh_x509] Intermediate CA certificates required on client

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Tue Sep 13 09:06:38 EEST 2016


Hi,

After some testing, it seems that when one has intermediate CAs between the
root CA and the certificate on the server, the client needs all
intermediate certificates in it's store, rather than just the root CA. Is
this intended behaviour?

It would be much easier to maintain if only the root was required, and one
could set a max depth from the root that would be allowed.

I have not tested whether the server side requires an intermediate CA for
connecting clients.



More information about the ssh_x509 mailing list