How is a certificate chain presented to the client?
I've come to the understanding that the root store only stores self-signed certificates ("root" certificates).
Let A>B>...>R be certificates, where A>B means that B signs A's certificate resp. and R is a "root" certificate.
How does a server, with certificate A, present its certificate to a client having R in its root store?
Does the server send the whole chain, A>B>...(not R) to the client? Or does it only send certificate A, such that validation will fail, if not the client has B>... stored "somewhere" and R in its root store?
Aucun commentaire:
Enregistrer un commentaire