[erlang-questions] Intermediate certificate as CA

Erik Seres erikseres@REDACTED
Thu Feb 22 17:57:22 CET 2018


Hello,

We are developing a custom service that uses TLS certificates.  Clients connect to that service and must present their client certificate.  The client certificates are signed by a CA managed by our service.  Our service's CA cert is in turn signed by a root cert, and not self signed.  We do not want to require the clients to hold the services intermediate cert, and so they connect just presenting their own client certificate.  However, the erlang SSL application does not seem to allow for this setup.  It seems to require that to verify the client certificate, that the service's cert is self signed (ie a root cert) or that the client provide all intermediate certs in the chain.  Is there a way to configure the service with the intermediate cert as the ca, and not require the client to also send it as part of the chain?

Thanks,
Erik
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20180222/f4c3e0b7/attachment.htm>


More information about the erlang-questions mailing list