Re: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified

@Michael Wojcik Thanks for your reply! It makes sense more that you said, the RFC pages are indeed hard to read... @David von Oheimb thanks for the clarification! Sorry for my misunderstanding, also thanks for your fix, I will follow up on that too. BTW, OpenSSL is such a friendly community.

Re: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified

On 01.01.21 08:07, 定平袁 wrote: > @David von Oheimb > Thank you so much for your deep investigation! My pleasure! > With subjectKeyIdentifier and authorityKeyIdentifier extensions, it > works like a charm! Good to hear. I've meanwhile submitted a pull request that fixed the be

RE: Directly trusted self-issued end-entity certs - Re: How to rotate cert when only first matching cert been verified

> From: openssl-users On Behalf Of ??? > Sent: Friday, 1 January, 2021 00:08 > How to pick up cert from trust store(or cert container as you say) > is decided by different implementation themselves, do I understand correctly? Yes, in some cases under partial or complete control by the applicatio

Re: openssl-users Digest, Vol 73, Issue 29

@Jochen Bern Thanks for your reply! I didn't describe the problem clearly due to lack of tls domain knowledge. Now I know my cert is self-signed end entity cert, and the statement I found on openssl website does not apply to me. The behavior is similar(Actually not the same, since my two certs ha