[Operators] IM Observatory: "Warning: Trusted root certificate is included in the chain. "

Thijs Alkemade thijs at xnyhps.nl
Thu Oct 31 15:24:39 UTC 2013


On 31 okt. 2013, at 16:14, Arnaud Abélard <arnaud.abelard at univ-nantes.fr> wrote:

> Hello,
> 
> the IM Observatory reporting tool gives me a few
> "Warning: Trusted root certificate is included in the chain." when checking my certificate chain.
> 
> I don't understand why the fact the root CA certificate is trusted and included is raising a warning?
> 
> I thought the usage was to include the whole certificate chain, did I get that wrong?
> 
> Thanks,
> 
> Arnaud

Hello Arnaud,

The client already has that certificate (because it is trusted), so including it is not necessary. However, it will cause more overhead for the handshake (extra bytes to send and slightly more CPU usage).

Of course, such a delay will be small and only happens once during a connection (it’s much worse for HTTPS), but in mobile clients every byte might count. :)

Regards,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/operators/attachments/20131031/2e0538b7/attachment.pgp>


More information about the Operators mailing list