Dr. Stephen Henson wrote: > When I saw that message I did some tests myself. If the certificates are > reordered so the root CA is last it still gives the dialog allowing the > intermediate CA trust to be edited, even though its now first and the > root CA last. > > My initial thought was that this might be a SET OF reordering issue > which would make the smallest certificate first. However a Netscape > certificate sequence behaves in the same way. > > Just to add to the confusion I've just created a pair of test > certificates one 512 bit the other 1024 bit and in this case whichever > is first gets the trust edit dialog. > > Steve.
Steve, Good to hear from you again. Thanks for adding to the confusion ;-) Seriously, thanks for the information. Since the certs are supposed to be a chain, I think the solution is to pick any one of them and walk the chain towards the root and allow the user to edit the trust on the cert that is closest to the root from that chain. Sound right? -- Nelson Bolyard Disclaimer: I speak for myself, not for Netscape
