Paul wrote: >> But how to tell your customers that you do not support all certs of >> the MS Root Certificate Program?? > > That's unexplanable to a user :-( > If possible, you could add the trouble CA's yourself and import all > others. I only had troubles with Verisign.
That's no solution, since once those different certificates with the same name (subjectOneline) are included in the trusted CAs, verify will fail on one of those 'dups', depending on which one was found first. Same happens when a CA renews an expired CA cert with the same subject. In this case the workaround was to remove the expired cert when you add the renewed one, but that's not realy user-friendly, isn't it? -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be