Hi there >>>>> Regardless of if the certificates produced by the mentioned target >>>>> environment are technically compliant to those standards - if OpenSSL (as >>>>> one of the major cryptographic libraries used on the Internet to >>>>> implement these standards) cannot process these certificates properly >>>>> this indicates that the certificates produced by the target environment >>>>> may not provide the expected compatibility.
>>> This is where im focusing my effort. When the "openssl verify >>> -check_ss_sig" command failed, I knew, also from past experience, that the >>> Root Certificate is the problem. The way Root CA's are setup in Microsoft >>> world, the user has no control over exactly how to create the key, only the >>> request to sign with. Also that there is a, to me, glaring omission with >>> the AIK not present, I want to see if I can also get that added. I've seen in other examples while googling around, multiple certificates loaded up into the Root, and certutil does have flags to import them. I just loaded up the PSPKI powershell library to start playing with self signed certificates (using the X509 .NET interfaces) until "openssl verify -check_ss_sig" checks out, XPKI has nothing to do. I'll post back with what I find. _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
