Good Evening all,
I have 2 Root Certificate Authorities which I want to use to cross sign
an intermediate certificate. I created a certificate request and signed
it with both CAs.
I issued an end user certificate with the intermediate CA and added both
intermediate CA Certificates (the one from
This may be the wrong place to ask this since it is not OpenSSl specific, but
would cross signing of a x.509 cert to verify it's contents be a good measure
to increase the trustworthiness of a cert. Take the following example...
We have a CA which hands out certs with authorization type
You'd also need to identify that second CA. Verifying that internal
(second) signature would be tricky since you'd have to remove the
extension (tweak the DER length fields, etc) before hashing. And then
there's all the complexity of checking for revocation from the second CA.
(Which,