On Fri, Feb 10, 2006, Tim Bond via RT wrote: > > I am doing some interop testing with a toolkit that performs PKIX > certificate verification and it is having a problem validating a chain I > built with OpenSSL. What appears to be happening is that when 'ca' copies > in the authority key information into the client certificate, it is pulling > in the CA subject from my root CA instead of my intermediate CA (marked > *wrong* below). > > If you look at the following chain (leaf->intermediate->root CA), you will > notice the subject key/authority keys are correct. The authority serial > numbers are correct. But, the leaf certificate has the rootCA's subject DN. > It should be the intermediate CA's subject DN. >
This question has been asked quite a few times before. OpenSSLs behaviour is correct. I suggest you check the archives for detailed reasons. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]