In message <[EMAIL PROTECTED]> on Wed, 15 May 2002 
14:06:41 +0200, "Maxime Dubois" <[EMAIL PROTECTED]> said:

maxime.dubois> I have 3 CAs: 1 rootCA and two sub CAs (subCA1 and subCA2) signed by rootCA.
maxime.dubois> The CDP in subCA1 and subCA2 certs points to the rootCA CRL.
maxime.dubois> The CDP in end-user certs issued by one subCA points to the subCA CRL.
maxime.dubois> Do I need to point also to the rootCA CRL for end-user certs?

No.  The software that wants to do path validation will do a separate
check of the subCA certificates, and will then look at the rootCA
CRL.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
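
The lookup order described in the reply, as an added example that is not part of the original message and is not OpenSSL code: a toy Python model in which each certificate in the path is checked against the CRL named in its own CDP. The URLs, serial numbers and helper names are constructed for illustration, and signature and validity-period checks are omitted.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    cdp: Optional[str]  # CDP carried in this certificate (None for the trust anchor)

@dataclass(frozen=True)
class CRL:
    issuer: str
    revoked: frozenset  # revoked serial numbers

# Constructed sample hierarchy; names mirror the thread, URLs and serials are invented.
ROOT_CRL_URL = "http://pki.example/rootCA.crl"
SUB1_CRL_URL = "http://pki.example/subCA1.crl"
ROOT = Cert("rootCA", "rootCA", 1, None)
SUB1 = Cert("subCA1", "rootCA", 2, ROOT_CRL_URL)
USER = Cert("end-user", "subCA1", 100, SUB1_CRL_URL)  # no rootCA CDP here

def check_revocation(chain, crls):
    """Walk a leaf-first chain; return (ok, steps) with one step per CRL lookup.

    Only direct CRLs (CRL issuer == certificate issuer) are modelled.
    """
    steps = []
    for cert in chain:
        if cert.subject == cert.issuer:  # trust anchor: nothing to look up
            continue
        crl = crls.get(cert.cdp)
        if crl is None or crl.issuer != cert.issuer:
            verdict = "no usable CRL"
        elif cert.serial in crl.revoked:
            verdict = "revoked"
        else:
            verdict = "good"
        steps.append((cert.subject, cert.cdp, verdict))
        if verdict != "good":
            return False, steps
    return True, steps

def crl_set(root_revoked=(), sub1_revoked=()):
    """Build the two CRLs of the sample hierarchy."""
    return {ROOT_CRL_URL: CRL("rootCA", frozenset(root_revoked)),
            SUB1_CRL_URL: CRL("subCA1", frozenset(sub1_revoked))}

if __name__ == "__main__":
    for label, crls in (("clean", crl_set()), ("subCA1 revoked", crl_set(root_revoked=[2]))):
        print(label, check_revocation([USER, SUB1, ROOT], crls))
```

In the second run the end-user certificate passes its own subCA1 CRL check, and the path is still rejected when the subCA1 certificate is looked up in the rootCA CRL.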
