Query reg multiple CA-Cert in list with same subject

2014-06-10 Thread Mukesh Yadav
Hi,

I have a query about the CA-cert list.
If at the gateway we have configured two CA certs, A1 and A2, both having the same
subject and content except the timestamp of generation.

If the peer sends a cert matching A2, the gateway tries to validate it with
A1 (subject being the same and configured first in the list) and validation fails.

1. Is there a way to avoid adding a cert to the store if the subject and all
contents are the same except the generation timestamp?
2. Or, if not the first, is there a way to validate the incoming cert with both certs
configured in the store?


Thanks


Re: Query reg multiple CA-Cert in list with same subject

2014-06-10 Thread Erwann Abalea

Hello,

No need to include openssl-dev here.
If A1 and A2 have the same subject, then they are 2 certificates for the 
same CA. Therefore, your gateway is right in testing A1 first.
However, if your software is correctly configured, it should also test 
A2. That's what OpenSSL does when given a set of CA certificates.


If your gateway software is commercial software, please report this 
misbehaviour to the vendor.


--
Erwann ABALEA

On 10/06/2014 09:08, Mukesh Yadav wrote:

Hi,

I have a query about the CA-cert list.
If at the gateway we have configured two CA certs, A1 and A2, both having 
the same subject and content except the timestamp of generation.


If the peer sends a cert matching A2, the gateway tries to validate it with 
A1 (subject being the same and configured first in the list) and validation fails.


1. Is there a way to avoid adding a cert to the store if the subject and 
all contents are the same except the generation timestamp?
2. Or, if not the first, is there a way to validate the incoming cert with both 
certs configured in the store?



Thanks
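
The behaviour described in the reply above can be reproduced with the `openssl` command line; this is an added example, not part of the thread. It builds a constructed fixture in which A1 and A2 share one subject, and checks that a peer certificate issued by A2 verifies even when A1 is listed first. Assumptions: the two CAs have different keys, the certificates carry key identifiers (which OpenSSL uses to tell same-subject issuers apart), and the file names, `Example Gateway CA` and `peer.example` are made up for the test.

```shell
#!/bin/sh
# Constructed fixture: CA certificates A1 and A2 share one subject but have
# different keys; the peer certificate is issued by A2.
make_fixture() {
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Gateway CA
[v3_ca]
basicConstraints = critical,CA:TRUE
subjectKeyIdentifier = hash
EOF
    # The leaf names its issuer's key, so same-subject CAs can be told apart.
    echo 'authorityKeyIdentifier = keyid' > "$dir/leaf.ext"
    for ca in a1 a2; do
        openssl req -x509 -new -newkey rsa:2048 -nodes -days 30 \
            -config "$dir/ca.cnf" -keyout "$dir/$ca.key" -out "$dir/$ca.pem" \
            2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
        -subj '/CN=peer.example' -keyout "$dir/leaf.key" -out "$dir/leaf.csr" \
        2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -CA "$dir/a2.pem" -CAkey "$dir/a2.key" \
        -set_serial 1 -days 30 -extfile "$dir/leaf.ext" -out "$dir/leaf.pem" \
        2>/dev/null || return 1
    cat "$dir/a1.pem" "$dir/a2.pem" > "$dir/a1_then_a2.pem"   # A1 listed first
}

# Succeeds only if the leaf chains to some certificate in the CA file.
verify_leaf() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_fixture "$work"
verify_leaf "$work/a1.pem" "$work/leaf.pem" && echo "A1 only: OK" || echo "A1 only: FAIL"
verify_leaf "$work/a1_then_a2.pem" "$work/leaf.pem" && echo "A1+A2: OK" || echo "A1+A2: FAIL"
```

A gateway that stops at A1 behaves like the "A1 only" case even though A2 is configured.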




Query reg multiple CA-Cert in list with same subject

2014-06-09 Thread Mukesh Yadav
Hi,

I have a query about the CA-cert list.
If at the gateway we have configured two CA certs, A1 and A2, both having the same
subject and content except the timestamp of generation.

If the peer sends a cert matching A2, the gateway tries to validate it with
A1 (subject being the same and configured first in the list) and validation fails.

1. Is there a way to avoid adding a cert to the store if the subject and all
contents are the same except the generation timestamp?
2. Or, if not the first, is there a way to validate the incoming cert with both certs
configured in the store?


Thanks
Mukesh