
Re: IIS Certificate chain in TLS Server Hello message


Joe Kaplan

Apr 6, 2009, 3:19:39 PM
I don't think you can. It is not a normal TLS behavior as far as I know.
Perhaps there is a reg key for schannel or a metabase setting you can change
but I'm not aware of it. You might try asking on ms.public.security.crypto
to see if anyone there knows.

Why would you need to do this? Providing the root cert won't make it
trusted on the client.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"AJ" <A...@discussions.microsoft.com> wrote in message
news:20543112-E541-4B4D...@microsoft.com...
> Hi,
>
> I have a question about IIS certificate chain. How to make IIS server to
> send all certificate, including root CA cert, in TLS/SSL Server hello message
> to client? What I am seeing is that IIS server presents all certificate in
> the chain except root CA cert.
>
> --
> AJ

AJ

Apr 6, 2009, 3:36:01 PM
I want to grab all certs in the chain and present it to admin and if admin is
fine after manual inspection of certs, we can install it in our application
trust store by a single click.

OpenSSL needs all certs in the chain for TLS handshake to succeed, that's why
we need all certificate in server hello message.

Is ms.public.security.crypto a newsgroup?
--
AJ

Joe Kaplan

Apr 6, 2009, 4:20:11 PM
Yes, it is a newsgroup. I figured it would be easy to get to since you got
to this newsgroup (unless you came to it via some other weird way). Thanks
for the additional context. I hope you can find a way to get it to work.

--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
"AJ" <A...@discussions.microsoft.com> wrote in message

news:BD622546-1D5D-41BA...@microsoft.com...
