Thanks everyone for your interest in this topic.
What I meant by "checking that this is working" was:
- Before January 11, 2021, even an incorrect chain specified to the --preferred-chain arg (e.g. --preferred-chain "Innexistant CA") will be signed by DST Root CA X3
- I was looking for a way (a specific log entry or something on stdout) to check that the chain argument is correct and that "DST Root CA X3" is not used as a fallback
- All of that in a production environment