See "Certificate Chains" in http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html#Certificates.

Sander Smith wrote:
I'm a bit confused concerning SSL certificates, and hope someone can shed some light. In reading through the SSL spec concerning the SSL handshake, it appears to me that the certificate that authenticates my server must be signed by a certificate that is known to the client's browser. This would preclude the following scenario:

(Root Certificate) => (Intermediate Cert1) => (Intermediate Cert2) => www.mysite.com

Where (Root Certificate) is known to the client but the intermediate certificates are not. My certificate <SHOULD> be considered to be okay since it is traceable back to a trusted certificate, but the SSL handshake seems to say that this is not the case.

However, in looking at some real sites that have real certificates, I see the opposite happening. In particular I see the following:

Verisign => (Intermediate) => www.somesite.com

Where Verisign is known to my browser, but the intermediate certificate is not. It is of the form:

www.verisign.com/CPS Incorp.by Ref. ... (some other stuff)

What is going on here? Is there a way for the browser to get a copy of the intermediate certificate if it isn't already known to it as a trusted certificate?

Sander Smith




--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]



