Thanks Victor. Could you explain the reason in below cases? These are in cases when we use both the APIs as mentioned above. cert_file : Server's certifcate chain_file: Complete certificate chain; starting with Server's certifcate, followed by intermediate CA certificate and ending with Root CA certificate Scenario 1 - Failing case SSL_CTX_use_certificate_file() : Loaded cert_file SSL_CTX_use_certificate_chain_file() : Loaded chain_file Test: When tried to connect to the server, only Server's certificate and Root CA certificate were presented in the CERTIFICATE message of the handshake; intermediate CA certificates were missing. Scenario 2 - Successful case SSL_CTX_use_certificate_file() : Loaded chain_file SSL_CTX_use_certificate_chain_file() : Loaded chain_file Test: When tried to connect to the server, complete certificate chain was presented in the CERTIFICATE message of the handshake. On Wed, Jul 27, 2016 at 10:08 PM, Viktor Dukhovni < openssl-users at dukhovni.org> wrote: > On Wed, Jul 27, 2016 at 09:28:55PM +0530, john gloster wrote: > > > Can we use both the following APIs in the same application to load > > certificate to the SSL context? > > > > *SSL_CTX_use_certificate_file()* > > *SSL_CTX_use_certificate_chain_file()* > > For any given certificate chain use either one or the other, but > in many cases SSL_CTX_use_certificate_chain_file() is the more > convenient choice. > > > If we can how to use them? > > ERR_clear_error(); > if (SSL_CTX_use_certificate_chain_file(ctx, cert_file) <= 0) { > /* Handle error */ > } > if (SSL_CTX_use_PrivateKey_file(ctx, key_file, SSL_FILETYPE_PEM) <= 0) > { > /* Handle error */ > } > if (!SSL_CTX_check_private_key(ctx)) { > /* Handle error */ > } > /* Success */ > > See the SSL_CTX_use_certificate(3) manpage for a more detailed > description. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160727/52fc728d/attachment.html>