Hi Martin,
according to RFC 3280, Section 4.2.1.1 such a reference is called Authority Key Identifier. It can be the literal DN of the CA or the issuing CA's SHA1 public key hash. You can set it in the openssl.cnf file thusly:
authorityKeyIdentifier = <[keyid[:always]][, issuer[:always]]>
If you use keyid:always, your CA automatically includes the public key hash as Authority Key Identifier, which will be automatically be used instead of issuer name match for certificate chain verification by RFC conforming clients...
I know this - but this key does not include a URI to obtain the certificate :(
So I can use this to select a certificate out of known ones, but I am unable to fetch it from "teh web"
Oli
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
