Hi, when I contact https://github.com I get two certificates:
1) "CA: DigiCert High Assurance EV CA-1". This is *not* a Root CA
certificate, instead it is issued/signed by a Root CA named "DigiCert
High Assurance EV Root CA".
2) Github own certificate. This is issued/signed by the previous
certificate ("CA: DigiCert High Assurance EV CA-1").
So my web browser (that includes the list of Root CA certificates)
inspects both certificates, realizes that the first one is an
intermediate CA certificate, verifies it and then verifies the second
certificate using it. So the TLS connection gets verified.
Now my question: is it possible the same in SIP? this is, can a SIP
device (UAC, proxy, UAS) present two certificates as above? I've never
read about it for SIP.
So, assuming the above is not specified for SIP, imagine I buy a TLS
certificate in DigiCert, and such certificate is not issued by
DigiCert Root CA directly, but by an intermediate DigiCert CA. If I
use this certificate for my SIP communications it will not work since:
1) I can not present two certificates (can I?).
2) The receiver does not know how to react if it receives more than
one certificate.
3) If I just present the given certificate the receiver cannot verify
it against a list of Root CA certificates.
Could somebody clarify it please?
Thanks a lot.
--
Iñaki Baz Castillo
<[email protected]>
_______________________________________________
Sip-implementors mailing list
[email protected]
https://lists.cs.columbia.edu/cucslists/listinfo/sip-implementors
