I am setting up SSL on my Kestrel Linux server using .NET Core 2.1.1.
The SSL certificate is signed by an intermediate CA.
The SSL certificate contains intermediate and root CA.
I load the pfx file as a X509Certificate2 object and use this for the server certificate.
It seems to be that the way I have set this up, the intermediate CA is not sent as part of the handshake and only the leaf is sent.
return WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseKestrel(options =>
{
options.Listen(IPAddress.Any,443, listenOptions =>
{
listenOptions.UseHttps("ssl.pfx", "password123");
});
}
)
.Build();
So I execute this command and it shows only the leaf but not the intermediate:
openssl s_client -showcerts -connect myserver:443
I expect it to include the intermediate ca and leaf as one would expect like this for example:
openssl s_client -showcerts -connect google.com:443
I am setting up SSL on my Kestrel Linux server using .NET Core 2.1.1.
The SSL certificate is signed by an intermediate CA.
The SSL certificate contains intermediate and root CA.
I load the pfx file as a X509Certificate2 object and use this for the server certificate.
It seems to be that the way I have set this up, the intermediate CA is not sent as part of the handshake and only the leaf is sent.
So I execute this command and it shows only the leaf but not the intermediate:
openssl s_client -showcerts -connect myserver:443I expect it to include the intermediate ca and leaf as one would expect like this for example:
openssl s_client -showcerts -connect google.com:443