That is forbidden.But even if your certs had unqiue serial numbers, I don't know whether NSS would be able to fetch that intermediate dynamically from the web. I doubt it.
Kai Anders Rundgren wrote:
The following 3-level certificate hierachy works as expected when looking on it in MSIE: Root certificate: http://webpki.org/mozbug/root.cer (to be imported) Actual CA certificate: http://webpki.org/mozbug/cacert.cer (NOT to be imported since the EE cert's AIA CAissuers URI points to this) EE certificate and private key: http://webpki.org/mozbug/anders.p12 (Import and use password "testing") Using Mozilla FF (latest release on Windows) the built-in certificate viewer says that the EE cert is untrusted even though Root was imported and edited as trusted. Are there any known problems with path building in the certificate viewer? I don't use Thunderbird so I could not tesr with e-mail. Anders _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto