Francisco,
Francisco Javier Arias González wrote:
> I have:
> Two CA certificates (CA1, CA2) (not well-known CAs).
> One client certificate of CA1.
> Ask option enabled.
> If an HTTP server has a certificate of CA1, Mozilla sends the client
> certificate.
> If an HTTP server has a certificate of CA2, Mozilla does not send the client
> certificate.

In order for client auth to work, the server needs not just to have a
certificate issued by a particular CA (CA1 or CA2); it needs to select
the particular CA cert as trusted for doing client authentication. This
is typically configured in the web server administration UI.
It would be perfectly valid for a web server to have its own server cert
issued by CA1, but trust CA2 for client auth.
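A simplified model of the point made in the reply above, added here as an example and not part of the original message: the client offers a certificate only when its issuer chain matches a CA the server trusts for client authentication, and the issuer of the server's own certificate is never consulted. All class names, function names and DNs are constructed for illustration; the empty-list case follows the TLS 1.2 CertificateRequest rule that an empty CA list allows any certificate.

```python
from dataclasses import dataclass, field

@dataclass
class ClientCert:
    subject: str
    issuer_chain: list  # issuer DNs, from the direct issuer up to the root

@dataclass
class Server:
    name: str
    server_cert_issuer: str  # CA that signed the server's own certificate
    client_auth_cas: list = field(default_factory=list)  # CAs trusted for client auth
    requests_client_cert: bool = True

def certificate_request(server):
    """CA names advertised when asking for a client cert; None means no request."""
    return list(server.client_auth_cas) if server.requests_client_cert else None

def candidate_certs(client_certs, acceptable_cas):
    """Client-side filter: which installed certs are eligible to be offered."""
    if acceptable_cas is None:      # server never asked for a certificate
        return []
    if not acceptable_cas:          # empty list: any certificate may be sent
        return list(client_certs)
    wanted = set(acceptable_cas)
    return [c for c in client_certs if wanted & set(c.issuer_chain)]

def offered(server, client_certs):
    """Subjects the client would offer; server_cert_issuer plays no part."""
    return [c.subject for c in candidate_certs(client_certs, certificate_request(server))]

# Constructed sample data matching the setup in the thread:
# one client certificate issued by CA1, servers with different trust settings.
CERTS = [ClientCert("CN=Francisco", ["CN=CA1"])]
SERVERS = [
    Server("cert from CA1, trusts CA1 for client auth", "CN=CA1", ["CN=CA1"]),
    Server("cert from CA2, trusts CA2 for client auth", "CN=CA2", ["CN=CA2"]),
    Server("cert from CA1, trusts CA2 for client auth", "CN=CA1", ["CN=CA2"]),
    Server("cert from CA2, trusts CA1 for client auth", "CN=CA2", ["CN=CA1"]),
]

if __name__ == "__main__":
    for s in SERVERS:
        print(f"{s.name}: offers {offered(s, CERTS) or 'nothing'}")
```
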