Re: Certificates from Windows Store
Date: Mon, 21 Sep 2020 19:15:12 +0200
On Mon, Sep 21, 2020 at 01:08:35PM +0000, David Weisgerber via curl-library wrote:
> I notice that, in a newly installed Windows installation, my application
> would not trust them unless I open the same (HTTPS) site with the Internet
> Explorer. It seems as if there is a magic download of the root certificates
> happening when the Internet Explorer visits a SSL site with an unknown root
> certificate.
Rather then the root certificate, it could be a missing intermediate
certificate. If your server does not send a complete chain of the certificates
from the root down to the server certificate, then the connection will fail.
But if you connect with a web browser to a different server that serves the
complete chain, the browser could store the intermediate certficates into
Windows certificate store, and then a subsequent connect to your original
server would pass, because the complete path would be known to the Windows
cryptographical system.
-- Petr
-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
- application/pgp-signature attachment: signature.asc