Paul wrote:
>> But how to tell your customers that you do not support all certs of
>> the MS Root Certificate Program??
> 
> That's unexplanable to a user :-(
> If possible, you could add the trouble CA's yourself and import all
> others. I only had troubles with Verisign.

That's no solution, since once those different certificates with the same 
name (subjectOneline) are included in the trusted CAs, verify will fail on
one of those 'dups', depending on which one was found first.
Same happens when a CA renews an expired CA cert with the same
subject. In this case the workaround was to remove the expired cert when
you add the renewed one, but that's not realy user-friendly, isn't it? 

--
Arno Garrels
--
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be

Reply via email to