Matteo Corti

Thanks!

Issue seems solved (cannot reproduce anymore)

I would first check if this really makes sense. Why more then one issuer? Is there a use case? I didn't find any other examples... But on the other end,...

Just as info Authority Information Access (AIA) is a special extension in SSL certificates that contains information about the issuer of the certificate. This extension helps fetch intermediate certificates from...

Since I do not have host to test. Do you (@rlueckl) have a host I could use for debugging? You could send it to me privately and I would not...

> I just had check_ssl_cert correctly return CRITICAL for a revoked certificate due to OCSP a few days ago, so I do think it works currently. I just checked, and...

Reference to check https://www.rfc-editor.org/rfc/rfc5280#section-4.2.2.1

Seems that multiple certifcates are possible: > An authorityInfoAccess extension may include multiple instances of > the id-ad-caIssuers accessMethod. The different instances may > specify different methods for accessing the...

And again: https://security.stackexchange.com/questions/26577/is-an-aia-or-crl-useful-required-at-the-root-ca-if-that-root-is-used-to-cross > The AIA extensions are used to help in path building, by pointing to potential certificates for the issuer. Use of these certificate is not mandatory; mass...

> I'm not sure if I understand this ticket, but if this is about hiding server configuration issues by downloading intermediate certificates from AIA, I strongly disagree, as previously discussed:...