Yes, it's definitely optional.
The most common keyIdentifier's that I have seen are based, well, on the key :)
/r$
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
_
On Fri, Jun 13, 2014, Carl Young wrote:
>
> Hi,
>
> I am looking for advice for an application using openssl, but it's not an
> openssl problem.
>
> We have a situation where an external company has provided us with
> authentication certificates from a subCA and we have all the cert's back up