thanks for the reply. so that can i say that "if a certificate is self signed, then it is a root certificate." how do i know a certificate is self signed?
another question is that, for example, if i want to use a self-signed certificate as my server certificate, so that during the ssl handshake phase, this self-signed certificate is going to be sent from the server to the client. to verify this self-signed certificate, what the client is suppose to do? to be specific, do i have to independently distribute this self-signed certicate to the client before the ssl handshake? thanks. chong peng -----Original Message----- From: Bernhard Froehlich [mailto:[EMAIL PROTECTED] Sent: Saturday, October 14, 2006 1:10 PM To: [email protected] Subject: Re: a simple ca question Chong Peng wrote: > guys: > > how to tell a root certificate from a non-root certificate? i sthere a field > in x509 structure for us to tell? thanks. > Root certificates are self signed, that is the issuer equals the subject in the certificate. Hope it helps, Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
