Creating correct certificate chains for OCSP is quite confusing - it would be very useful if sslmerge could generate them. As far as I can see it should include the intermediate and root certs, but not the leaf cert, so if a normal chain cert is leaf -> intermediate, the matching OCSP chain should be intermediate -> root.
Since we already have --with-root, this could perhaps be combined with a new --without-leaf option to achieve this.
Creating correct certificate chains for OCSP is quite confusing - it would be very useful if sslmerge could generate them. As far as I can see it should include the intermediate and root certs, but not the leaf cert, so if a normal chain cert is leaf -> intermediate, the matching OCSP chain should be intermediate -> root.
Since we already have
--with-root
, this could perhaps be combined with a new--without-leaf
option to achieve this.