Whitelisting certificates does not support standard X.509 chains
X.509 certificate chains can only be certificates chained one after the other.
The line --START INTERMEDIATE CERT--, required in QZ Tray, is not required in the X.509 standard.
Also, I didn't test it, but I doubt that chains with more than 2 certificates would work with the current implementation.
The certificate reading methods should use a library based on standards, like Bouncy Castle API, instead of .split() methods. Not sure if it is possible while maintaining a backward-compatible environment, but I think it should at least be investigated.
As I said in #799, I might look into making a PR for this issue.
> I doubt that chains with more than 2 certificates would work with the current implementation.
As of #708, it should be very close to working. I agree, the intermediate chaining is implemented in a proprietary fashion. BouncyCastle is already used, so this should be a relatively small change. PRs which fix this are welcome.
As of #708, a self-signed cert can be generated through the software for demonstration purposes (QZ Tray 2.1.3 or higher).
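
As an added illustration of the standards-based parsing this issue asks for (not QZ Tray's code, and not from either participant): the JDK's `CertificateFactory` reads any number of concatenated PEM certificates, and PKIX path validation accepts chains of any length. The class name, method names and the two file arguments are assumptions; the bundle is assumed to be ordered leaf first and to exclude the root, and revocation checking is switched off.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.*;
import java.util.*;

public class ChainParser {
    /** Parse every certificate in a PEM bundle using the standard X.509 factory. */
    static List<X509Certificate> parse(String pem) throws CertificateException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> certs = new ArrayList<>();
        for (Certificate c : cf.generateCertificates(
                new ByteArrayInputStream(pem.getBytes(StandardCharsets.US_ASCII)))) {
            certs.add((X509Certificate) c);
        }
        // An empty bundle must fail here, not be handed to the validator as an empty path.
        if (certs.isEmpty()) throw new CertificateException("no certificates found");
        return certs;
    }

    /** Validate leaf -> intermediates against one trusted root; throws on any failure. */
    static void validate(List<X509Certificate> chain, X509Certificate root) throws Exception {
        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        PKIXParameters params = new PKIXParameters(
                Collections.singleton(new TrustAnchor(root, null)));
        params.setRevocationEnabled(false); // assumption: no CRL/OCSP source available here
        CertPathValidator.getInstance("PKIX").validate(path, params);
    }

    static String read(String file) throws IOException {
        return new String(Files.readAllBytes(Paths.get(file)), StandardCharsets.US_ASCII);
    }

    public static void main(String[] args) throws Exception {
        // Assumed inputs: args[0] = PEM bundle (leaf first, then intermediates),
        // args[1] = PEM file holding the single trusted root.
        List<X509Certificate> chain = parse(read(args[0]));
        X509Certificate root = parse(read(args[1])).get(0);
        validate(chain, root);
        System.out.println("Valid chain of " + chain.size() + " certificate(s) under "
                + root.getSubjectX500Principal().getName());
    }
}
```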