There can be intermediate CAs between the root CA, and the actual issuing CA. You'd need all the certs in between so as to be able to chain the cert back to its root CA's cert.
Cheers Ken From: [email protected] [mailto:[email protected]] On Behalf Of Greg Keogh Sent: Wednesday, 15 September 2010 8:01 AM To: 'ozDotNet' Subject: [OT] Root certificates Folks, after rebuilding my Win7 dev machine recently I forgot to reinstall my personal security certificates. I've got two (listed below) that I imported in certmgr, I can see they have private keys and look valid, but their certification path is empty. I thought that Win7 would be modern enough to have the path roots supplied with the OS, so looking in certmgr I can see a dozen Verisign and Thawte trusted roots in different stores, but they don't seem to validate my cert paths. I downloaded a zip file of root certificates HERE<https://www.verisign.com/support/roots.zip> but there but you get 10 cer files and get clue about which one to use or which store to put it in. I ran one experimental import but it did nothing. Rather than waste hours of time and possibly damaging my store I thought I'd ask in here if anyone can cut through the crap and tell me the easiest of getting my personal certs working again. I'll keep web searching in the meantime. Cheers, Greg Verisign Class 1 Indivisual Subscriber CA- G2 Secure Email, Client Authentication Thawte Code Signing CA Code Signing, 1.3.6.1.4.1.311.2.1.22
