I haven't checked the archives, but if I'm not mistaken, it's because it's (presumably) the rootCA that is the original trusted authority (the 'trust anchor'), and thus the authorityKeyIdentifier is the anchor rather than the CA that derives its trust from the anchor?
(Also: if the question has been asked quite a few times before, why isn't the answer in the FAQ?) -Kyle H On 2/10/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote: > On Fri, Feb 10, 2006, Tim Bond via RT wrote: > > This question has been asked quite a few times before. OpenSSLs behaviour is > correct. I suggest you check the archives for detailed reasons. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]