Hi, tom glaab wrote:
Normally, this is accomplished not by changing the subject of the certificate, but by changing the keyusage. Changing the subject does not make sense if the two certs belong to the same person and are from the same issuer. This tells me your PKI is not implemented correctly.
Julien Pierre <[EMAIL PROTECTED]> wrote:
In truth, most people do not have more than one valid cert per issuer with a different subject, much less more than one valid cert for more than one issuer.
I'm in the minority then, and it is annoying. I've had a corporate cert for years, and it includes an email cert. Now a mandate has come down for everybody to get an identity-only cert from the same corporate CA, even if you already have one.
For example, I have two corporate certs, one which is for encryption and another for signing. The subject of both certificates is identical. The signing certificate is used for identification purposes. You can see them both in the signature of this message.
I do find it annoying. While it's probably rare to find a person with multiple certs from the same CA I can see it happening more often... a single user may have his "normal" identity cert but also have a privileged or administrative cert. This probably shows more about the corporation's ignorance of PKI, but that's another story.
Well, there you go ...
smime.p7s
Description: S/MIME Cryptographic Signature
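
The arrangement described in the message above (two certificates with the same subject and issuer, told apart only by keyUsage) can be shown as a short added example; it is not part of the original message. The subject and issuer names, the record layout and the purpose-to-usage mapping are assumptions made for the illustration, and the extension values are constructed.

```python
# Added example: named bits of the X.509 keyUsage extension (RFC 5280, section 4.2.1.3).
KEY_USAGE_BITS = (
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
)
# Usages a mail client needs for each purpose (assumption of this example).
PURPOSES = {
    "sign": {"digitalSignature", "nonRepudiation"},
    "encrypt": {"keyEncipherment", "keyAgreement"},
}

def decode_key_usage(der: bytes) -> frozenset:
    """Decode the extension value, a DER BIT STRING, into usage names."""
    if len(der) < 4 or der[0] != 0x03 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER BIT STRING with content")
    unused, payload = der[2], der[3:]
    if unused > 7:
        raise ValueError("invalid unused-bit count")
    nbits = min(len(payload) * 8 - unused, len(KEY_USAGE_BITS))
    # Bit 0 is the most significant bit of the first payload byte.
    return frozenset(
        KEY_USAGE_BITS[i] for i in range(nbits)
        if payload[i // 8] & (0x80 >> (i % 8))
    )

def select_certs(certs, subject, purpose):
    """Return labels of certs for `subject` whose keyUsage permits `purpose`."""
    wanted = PURPOSES[purpose]
    return [
        c["label"] for c in certs
        if c["subject"] == subject and decode_key_usage(c["key_usage"]) & wanted
    ]

# Constructed sample: two certs, same subject and issuer, different keyUsage.
SUBJECT = "CN=Example User,O=Example Corp"
CERTS = [
    {"label": "signing", "subject": SUBJECT, "issuer": "CN=Example Corp CA",
     "key_usage": bytes.fromhex("030206c0")},   # digitalSignature, nonRepudiation
    {"label": "encryption", "subject": SUBJECT, "issuer": "CN=Example Corp CA",
     "key_usage": bytes.fromhex("03020520")},   # keyEncipherment
]

if __name__ == "__main__":
    for purpose in PURPOSES:
        print(purpose, "->", select_certs(CERTS, SUBJECT, purpose))
```

Matching on subject alone returns both records; the keyUsage bits are what make the choice unambiguous.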
