Details
-
Sub-task
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
Description
In the server side, currently we serve just the certificate of the entity itself for proving authenticity of the server side.
In order to simplify the trust store, and ensure that the RootCA certificate is enough to be distributed for every potential client, we can provide the trust chain of the server certificates in a certificate bundle to the connecting clients.
This task is about to ensure that once an intermediate CA signs a certificate, it provides it whole trust chain up until the RootCA in the certificate file that is sent back to the certificate owner after signing it CSR.