Re: certificate chain and root CA question

2006-03-19 Thread michael Dorrian
Thank you both for your very helpful replies. Now I have tested a so-called valid subCA. In my root CA and subCA configuration files (separate configuration files) I have basic constraints set to "CA:True" exactly the same as the root certificate. But when I loaded my subCA which was signed by my roo

Re: certificate chain and root CA question

2006-03-17 Thread Dr. Stephen Henson
On Fri, Mar 17, 2006, Olaf Gellert wrote: > Dr. Stephen Henson wrote: > > On Fri, Mar 17, 2006, michael Dorrian wrote: > > > >> 1. Can a CA signed by the root CA act as a trusted CA itself? > > > > Provided the root CA permits this... > > Actually I think: not. It seems to be impossible > to

Re: certificate chain and root CA question

2006-03-17 Thread Olaf Gellert
Olaf Gellert wrote: > This matters in cases where a certificate hierarchy > has different CAs (e.g. operated by different organisations). > Right now it seems impossible to me to tell openca: === Typo, I meant "openssl". Olaf Gellert -- Dipl.Info

Re: certificate chain and root CA question

2006-03-17 Thread Olaf Gellert
Dr. Stephen Henson wrote: > On Fri, Mar 17, 2006, michael Dorrian wrote: > >> 1. Can a CA signed by the root CA act as a trusted CA itself? > > Provided the root CA permits this... Actually I think: not. It seems to be impossible to evaluate a certificate only up to a subCA, openssl always re

Re: certificate chain and root CA question

2006-03-17 Thread Dr. Stephen Henson
On Fri, Mar 17, 2006, michael Dorrian wrote: > 1. Can a CA signed by the root CA act as a trusted CA itself? Provided the root CA permits this... > 2. How does the certificate chain stop another client who has a > certificate signed by the same root authority as you acting as a trusted >

certificate chain and root CA question

2006-03-17 Thread michael Dorrian
The root CA can sign another CA. So you can have as many CAs as you like. But when the root signs another CA, why can't that CA act as a trusted CA? For example, I made my root CA, then I created another server CA which I had signed by the root CA. I tried to load the Server CA cert as my trusted CA c