> let's see... you're talking about the authorityKeyIdentifier? I
> thought that that went up 2 steps up the tree and then gave a serial
> number of cert issued by that CA.
No, it identifies the key that is signing the actual cert (or CRL). A CA's
subject key identifier (SKI) gets populated as the AKI into everything it
signs.
/r$
--
SOA Appliance Group
IBM Application Integration Middleware
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
