Hello, I looked at the extension "Basic Constraints" in the cert which is set to TRUE if the certificate is from a CA. And then I compare the subject and issuer name. If they don't match then it is a sub CA.
I think you will know but nevertheless: you can get a text-output of a cert in PEM-format with: openssl x509 -in cert.pem -text -noout Helga -----Ursprüngliche Nachricht----- Von: Fiel Cabral [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 12. Juni 2003 16:36 An: [EMAIL PROTECTED] Betreff: Determining if a cert is a CA cert. If someone gives my program just one X.509 v1 or v2 certificate, how do I check if it is a CA certificate? These are the things I do to check if it is a root CA certificate: a. Check if the subject and issuer names match. b. Check if the certificate is self-signed. But if the certificate is a sub CA certificate, then is there a way to find out? Are X.509 v1 or v2 sub CA certificates common? Thanks for any ideas. -Fiel __________________________________ Do you Yahoo!? Yahoo! Calendar - Free online calendar with sync to Outlook(TM). http://calendar.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
