Export p12 with chain but exclude root/anchor

Open Gunni opened this issue 9 months ago • 2 comments

I want to be able to export PEM or pfx/p12 files but not include the root/anchor certificate.

To prevent Chain issues Contains anchor.

Apr 01 '25 09:04 Gunni

Which application is it that does not like the root in the chain? Do you have that root-ca already installed in the trust-store of that application? In that case it should simply ignore the root CA

Apr 01 '25 20:04 chris2511

Web servers aren't supposed to have the root cert and send it because it is assumed that the client already has and trust the root. Openssl is one example btw.

Apr 01 '25 23:04 Gunni