Sorry, I did not completely understand your answer.
What is correct: my understanding or the behaviour of openCA.
I reformulate my question:
Why does a SubCA put the info of the RootCA into the authority key identifier field and not its own info?
OpenCA's or better OpenSSL's behaviour is correct. The name is important "Authority Key Identifier". This is an identifier of the CA (!!!). The value is an information about the authority which issues the CA's cert.
If the OpenSSL configuration and the standard contain the value "issuer" for this identifier then this means "authority issuer".
Michael -- ------------------------------------------------------------------- Michael Bell Email: [EMAIL PROTECTED] ZE Computer- und Medienservice Tel.: +49 (0)30-2093 2482 (Computing Centre) Fax: +49 (0)30-2093 2704 Humboldt-University of Berlin Unter den Linden 6 10099 Berlin Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
