To start: This is already easy to achieve with sh/bash scripting, so priority is definitely low here, but wanted to kick off a discussion on the subject.
I think it would be nice to expand the api optional parameter "chain=true | false" to "chain=full | intermediate | none". Some folks don't consider including the root CA in the chain a best practice (and it shouldn't be needed). The additional option would return the certificate and intermediary, but not the root CA. Essentially the behavior would be:
full = same as "true" now, so root ca, intermediate, and end cert
intermediate = returns "true" minus the root CA, so just intermediate and end cert
none = same as "false" now, so just the end cert
To start: This is already easy to achieve with sh/bash scripting, so priority is definitely low here, but wanted to kick off a discussion on the subject.
I think it would be nice to expand the api optional parameter "chain=true | false" to "chain=full | intermediate | none". Some folks don't consider including the root CA in the chain a best practice (and it shouldn't be needed). The additional option would return the certificate and intermediary, but not the root CA. Essentially the behavior would be:
full = same as "true" now, so root ca, intermediate, and end cert intermediate = returns "true" minus the root CA, so just intermediate and end cert none = same as "false" now, so just the end cert
Some discussion on the topic: https://security.stackexchange.com/questions/65332/ssl-root-certificate-optional