Project

General

Profile

certificate format requires providing root CA

Justin Karneges
Added over 5 years ago

Hi,

I noticed that if I attempt to provide a partial chain, then tigase refuses to use the certificate file. In fact, it even completely overwrites the file with its own generated cert.

I think it is not unusual to leave out the root CA of a chain in a TLS server configuration. And in my case, the certificates would be provided by users adding their domains into the service, and I would like to not force them to include the root cert. If tigase is doing some kind of chain check to detect mistakes, then maybe there could be an option to disable this?

Thanks.


Replies (2)

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 5 years ago

We had problems with unrecognized certificate in the past if the root CA is not included, hence we decided to require it. I suppose we could add some logic on the server, which, in case the root is missing it could try to fetch it automatically itself and include in the file. However, I think it might require some more work, therefore I cannot promise that in near future.

Avatar?id=6023&size=32x32

Added by Artur Hefczyc TigaseTeam over 5 years ago

Feel free to submit a feature request though.

    (1-2/2)