Karsten Künne wrote: > They might not support the AKI extension which is surprising > as this extension is rather trivial to add.
Well, they should add it to be compliant with PKIX cert profile. RFC 5280, section 4.2.1.1.: The keyIdentifier field of the authorityKeyIdentifier extension MUST be included in all certificates generated by conforming CAs to facilitate certification path construction. There is one exception; where a CA distributes its public key in the form of a "self-signed" certificate, the authority key identifier MAY be omitted. Ciao, Michael.
