A, B and C need to be available to the certificate verification process if you wish to check that D was signed by C, which was signed by B, which was signed by A.
> -----Original Message----- > From: Tat Sing Kong [mailto:[EMAIL PROTECTED]] > Sent: 10 December 2001 17:01 > To: Openssl-Users@Openssl. Org > Subject: Intermediate signing certs > > > > Hello, > > If you have a signing hierarchy of A signs B, B signs C, and > C signs D, so > that A is your root CA and D is the end user certificate. If > I want to > check that D is signed by A, does that mean that intermediate > signers B and > C also have to be present in the certificate stack, or what > openssl refer to > as the cert chain? > > Would this be a hassle if you have a root CA with a lot of > intermediate > signers? That means that you have to store/locate all > possible intermediate > signers to evaluate a couple of end user certificates. > > Tat. > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
