Re: [openssl] Forming the correct chain for an end entity certificate Reg.

2012-07-29 Thread Ashok C
Thanks Dave. That clarifies part of my question. The next part is regarding cross certificates. For the normal multilevel hierarchy, AKI check seems to be sufficient to identify the correct CA in the chain. But when cross certificates come into the picture, will the AKI checks still hold good? I he

RE: [openssl] Forming the correct chain for an end entity certificate Reg.

2012-07-29 Thread Dave Thompson
>From: Ashok C [mailto:ash@gmail.com] >Sent: Saturday, 28 July, 2012 01:21 >Thanks Dave. But main use case for me is the trust anchor update case. >I have a certain requirement which goes like this: >I have a client application which runs on my machine and it will attempt >to connect to mult

Re: [openssl] Forming the correct chain for an end entity certificate Reg.

2012-07-27 Thread Ashok C
Also adding openSSL community into loop. Thanks Dave. But main use case for me is the trust anchor update case. I have a certain requirement which goes like this: I have a client application which runs on my machine and it will attempt to connect to multiple remote servers. *At time T0:* Client ha