You are right. A certificate chain is built starting from the subject cert until we find a root certificate, i.e., the chain-building operation is stopped at a certificate whose issuer and subject names are the same.
I found that we can build the chain using authkeyidentifier and subjectkeyid. But the question is how to build it. I am having a hard time finding it. We use the CertGetCertificateChain() Microsoft API to build the cert chain based on subject and issuer names. But I want to build it using akid and skid. Does anyone know how to do this, or is there any API which I can use?

Thanks

macescandell wrote:
>
> How are you creating the certificate chain? A certificate chain has to start with the subject certificate followed by an intermediate certificate ... ending in the root certificate. You can do this using *cat*
>
> Thank You
>
>
> On Dec 19, 2007 12:18 PM, luvlee_ghg <[EMAIL PROTECTED]> wrote:
>
>>
>> Hi experts,
>>
>> I would like to know if there is any API that takes care of building a certificate chain in openSSL similar to MS API. Also please let me know the basic details on how a certificate chain is verified in openSSL.
>>
>> Following is my implementation:
>>
>>           R o o t   C A
>>            |         |
>>        SUB CA1     SUB CA1 (signing key is different than the other one)
>>            |
>>    Issued Certificate
>>
>> When the issued certificate is sent for verification, it always fails. I think while building the certificate chain it's building with the wrong SUBCA because it finds two of them with the same name. So I would like to know how a certificate chain can be built in case there are two CAs with similar name present in the certificate store. How to use the CA of the Issued certificate to build the chain for verification?
>>
>> --
>> View this message in context: http://www.nabble.com/Help-required-on-building-certificate-chain-tp14422191p14422191.html
>> Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> Development Mailing List [email protected]
>> Automated List Manager [EMAIL PROTECTED]
>>
>
>

--
View this message in context: http://www.nabble.com/Help-required-on-building-certificate-chain-tp14422191p15530598.html
Sent from the OpenSSL - Dev mailing list archive at Nabble.com.
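
Added example, not part of the original thread and not OpenSSL or CryptoAPI code: a model of issuer selection for the store described above, showing how matching the authority key identifier against the subject key identifier picks the right "SUB CA1" where name matching alone picks the first one. The `Cert` class, the function names and the hex key identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    """Model of the fields chain building looks at (not a parsed X.509)."""
    subject: str
    issuer: str
    skid: Optional[str]   # subjectKeyIdentifier, hex
    akid: Optional[str]   # authorityKeyIdentifier keyid, hex

def find_issuer(cert, store, use_key_ids=True):
    # Step 1: name match, the only test a name-based builder applies.
    candidates = [c for c in store if c.subject == cert.issuer]
    # Step 2: if the cert carries an AKID, keep only candidates whose SKID
    # equals it. Candidates without an SKID cannot be ruled out, so they stay.
    if use_key_ids and cert.akid is not None:
        candidates = [c for c in candidates if c.skid in (None, cert.akid)]
    return candidates[0] if candidates else None

def build_chain(leaf, store, use_key_ids=True, max_depth=10):
    chain = [leaf]
    while chain[-1].subject != chain[-1].issuer:      # stop at self-issued root
        if len(chain) >= max_depth:
            raise ValueError("chain too long or looping")
        issuer = find_issuer(chain[-1], store, use_key_ids)
        if issuer is None:
            raise LookupError("no issuer found for " + chain[-1].subject)
        chain.append(issuer)
    return chain

# Constructed sample store mirroring the thread: two "SUB CA1" entries with
# different keys under one root. Key identifiers are made-up hex strings.
ROOT = Cert("Root CA", "Root CA", "aa01", "aa01")
SUB_OTHER = Cert("SUB CA1", "Root CA", "bb02", "aa01")   # same name, other key
SUB_REAL = Cert("SUB CA1", "Root CA", "cc03", "aa01")    # signed the leaf
LEAF = Cert("Issued Certificate", "SUB CA1", "dd04", "cc03")
STORE = [ROOT, SUB_OTHER, SUB_REAL]

def chain_skids(use_key_ids):
    return [c.skid for c in build_chain(LEAF, STORE, use_key_ids)]

if __name__ == "__main__":
    print("name only :", chain_skids(False))   # picks the first SUB CA1
    print("akid/skid :", chain_skids(True))    # picks the signing SUB CA1
```

Key identifiers only pick the candidate issuer; each signature still has to be verified against the chosen issuer's public key. In OpenSSL, X509_check_issued() compares the subject's authorityKeyIdentifier with the candidate's subjectKeyIdentifier in addition to the names.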
