You can find out if the V1 cert verifies directly with any of the
certificates in the trust store or its own public key. There's pretty
much nothing else you can do with it, other than try to link it to a
Distinguished Name that may or may not be useful.
Also, (EXFLAG_V1|EXFLAG_SS) doesn't tell y
Hi steve,
Thanks. Got it.
That means we can't differentiate between CA and end-entity in case of V1
certificate.
We can only find out if the V1 cert is a self-signed certificate or not.
Correct ?
Regards,
Sanjaya
On Wed, Sep 26, 2012 at 2:36 AM, Dr. Stephen Henson wrote:
> On Tue, Sep 25, 2012
On Tue, Sep 25, 2012, sanjaya joshi wrote:
>
> We can conclude an X509 V1 certificate to be a root ca using
> (EXFLAG_V1|EXFLAG_SS).
> Similarly, is there a way to know whether an X509 V1 certificate is an
> intermediate CA or end-entity certificate ?
>
You can't: there is nothing in a V1 certi
Can you figure out a way to do it from the v1 fields? keyUsage is an
extension requiring v3.
-Kyle H
On Sep 24, 2012 11:28 PM, "sanjaya joshi" wrote:
> Hi,
>
> We can conclude an X509 V1 certificate to be a root ca using
> (EXFLAG_V1|EXFLAG_SS).
> Similarly, is there a way to know whether an X5
