I have a scenario where I need to connect to an HTTPS site from my application (GlassFish server or Apache server). Let me illustrate with an example.
For example, I need to connect to https://stackoverflow.com from my application. Stack Overflow has the chaining below.
If I try to validate from the client with all 3 certificates (end-site cert, intermediate cert and root cert), all works well.
The question is: which is the right way of providing certificates from the client? If I just provide the *.stackexchange.com certificate from the client like below, it works. (So should I use the end-user cert or the root cert?)
openssl s_client -CAfile stackexchangecom.crt -connect stackoverflow.com:443
So if my understanding is correct, then the web server at stackoverflow.com has bundled the end-user certificate with the intermediate certificate and with the root CA, hence I get the valid connection.
Note: I am aware of the way SSL certificates work and also the chaining. I just want to know the best or the pragmatic practice for providing certificates for accessing the HTTPS
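An added example, not part of the original question: it builds a throwaway three-level chain and shows how `openssl verify` behaves for each choice of trust anchor the question mentions (root only, or the end-entity certificate itself). All names, file names and helper functions are constructed for illustration, and OpenSSL 1.1.0 or later is assumed.

```shell
#!/bin/sh
# Constructed demo PKI (all names made up):
#   Demo Root CA -> Demo Intermediate CA -> demo.example
# Assumes OpenSSL 1.1.0 or later with its default openssl.cnf.

# issue DIR NAME SUBJECT EXTFILE SERIAL [ISSUER]; no ISSUER means self-signed
issue() {
    d=$1; n=$2
    openssl req -new -newkey rsa:2048 -nodes -subj "$3" \
        -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    if [ -n "${6:-}" ]; then
        set -- -CA "$d/$6.crt" -CAkey "$d/$6.key" -set_serial "$5" -extfile "$d/$4"
    else
        set -- -signkey "$d/$n.key" -set_serial "$5" -extfile "$d/$4"
    fi
    openssl x509 -req -in "$d/$n.csr" -days 30 "$@" -out "$d/$n.crt" 2>/dev/null
}

build_chain() {
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:demo.example\n' > "$1/leaf.ext"
    issue "$1" root '/CN=Demo Root CA' ca.ext 1 &&
    issue "$1" int '/CN=Demo Intermediate CA' ca.ext 2 root &&
    issue "$1" leaf '/CN=demo.example' leaf.ext 3 int
}

vfy() { openssl verify "$@" >/dev/null 2>&1; }
# Root is the only trust anchor; the intermediate is untrusted input, as a server would send it.
verify_root_anchor() { vfy -CAfile "$1/root.crt" -untrusted "$1/int.crt" "$1/leaf.crt"; }
# Same anchor, but nobody supplies the intermediate: the chain cannot be built.
verify_root_without_intermediate() { vfy -CAfile "$1/root.crt" "$1/leaf.crt"; }
# Only the leaf is in the trust file: rejected, because the chain does not end in a root.
verify_leaf_anchor() { vfy -CAfile "$1/leaf.crt" "$1/leaf.crt"; }
# Leaf in the trust file with partial chains allowed: accepted, i.e. pinning this exact cert.
verify_leaf_pinned() { vfy -partial_chain -CAfile "$1/leaf.crt" "$1/leaf.crt"; }

report() { if "$2" "$3"; then echo "$1: OK"; else echo "$1: FAIL"; fi; }
demo() {
    t=$(mktemp -d) && build_chain "$t" || return 1
    report 'trust root, intermediate supplied' verify_root_anchor "$t"
    report 'trust root, intermediate missing' verify_root_without_intermediate "$t"
    report 'trust leaf only' verify_leaf_anchor "$t"
    report 'trust leaf only, -partial_chain' verify_leaf_pinned "$t"
    rm -rf "$t"
}
demo
```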
