Jason Keltz wrote:
> Can someone explain why the server has to pass along the certificates from
> the CAs though? I don't quite understand. I'm new to this all. Isn't it
> up to the server to send out just the certificate, and then up to the
> client to do the checks? I mean, isn't it counter-productive -- couldn't
> the server (be it imap or http) somehow send along fake CA certificates
> that make the real certificate look as if it were truly signed when it's
> not?

I believe I once saw on the Equifax site that they use signing certificates signed
by Thawte -- so it's possible that their certificate is not in the browser but that
the browser can verify the Equifax certificate against the Thawte cert, and then
verify yours against the Equifax cert.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
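
The question quoted above, worked through with the openssl command line as an added example that is not part of the original thread: a client whose only installed CA is one root accepts a server certificate chained through a server-supplied intermediate, and rejects one whose entire chain, root included, came from the server. All certificate names and the function names `issue`, `client_accepts` and `run_demo` are constructed for this demo, which assumes the openssl tool and its default configuration file are present.

```shell
#!/bin/sh
# Added demo; every key and certificate is generated on the fly (constructed data).

# issue NAME EXTFILE [ISSUER]: create NAME.key and NAME.pem, self-signed if no ISSUER.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$1" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null || return 1
  if [ -n "$3" ]; then
    openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
      -days 2 -extfile "$2" -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -days 2 -extfile "$2" -out "$1.pem" 2>/dev/null
  fi
}

# client_accepts LEAF SENT: succeed only if LEAF chains to root.pem, the single
# CA certificate installed on the client. SENT is what the server supplied; it is
# used purely as path-building material (-untrusted), never as a trust anchor.
client_accepts() {
  openssl verify -CAfile root.pem -untrusted "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# run_demo: print the client's verdict for the genuine chain, then the forged one.
run_demo() (
  dir=$(mktemp -d) && cd "$dir" || exit 1
  trap 'rm -rf "$dir"' EXIT
  printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
  printf 'basicConstraints=CA:FALSE\n' > leaf.ext
  issue root ca.ext               && # root CA installed on the client
  issue inter ca.ext root         && # intermediate CA signed by that root
  issue leaf leaf.ext inter       && # server certificate signed by the intermediate
  issue fakeroot ca.ext           && # self-made CA that is NOT on the client
  issue fakeinter ca.ext fakeroot &&
  issue fakeleaf leaf.ext fakeinter || exit 1
  # A server may send any certificates it likes, including its own "root".
  cat fakeinter.pem fakeroot.pem > fakechain.pem
  if client_accepts leaf.pem inter.pem; then printf 'accepted '; else printf 'rejected '; fi
  if client_accepts fakeleaf.pem fakechain.pem; then echo accepted; else echo rejected; fi
)
```

Calling `run_demo` prints the two verdicts in order. The forged chain fails because its signatures lead to a root the client never installed, however many certificates the server sends along.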