certificate format requires providing root CA
I noticed that if I attempt to provide a partial chain, then tigase refuses to use the certificate file. In fact, it even completely overwrites the file with its own generated cert.
I think it is not unusual to leave out the root CA of a chain in a TLS server configuration. And in my case, the certificates would be provided by users adding their domains into the service, and I would like to not force them to include the root cert. If tigase is doing some kind of chain check to detect mistakes, then maybe there could be an option to disable this?
Added by Artur Hefczyc over 5 years ago
We had problems with unrecognized certificate in the past if the root CA is not included, hence we decided to require it. I suppose we could add some logic on the server, which, in case the root is missing it could try to fetch it automatically itself and include in the file. However, I think it might require some more work, therefore I cannot promise that in near future.