Absolutely. You have to have your root cert signed by their root key, so the chain can be verified. This is pretty much what PKI is all about.
Thawte (http://www.thawte.com) used to have information on their website about to do just that. However, I can't seem to find it (things changed when Verisign purchased them :-<). Does anyone have specific URL's about this? Nick *********** REPLY SEPARATOR *********** On 10/29/2001 at 3:02 PM Juan Carlos Albores Aguilar wrote: >is the following possible?? if so, could you explain me how or point me >documentation about it??. >I create end-user certificates and sign them by my own CA, this kind of >PKI is working on a apache+openssl+modssl system and i would like to make >this certificates to be accepted to other CA's, in somehow, to >interoperate with other certificates or higher, that my CA interoperates >with other CA's. I understan that we're working with X.509 certificates so >the "fields thing" cannot change but i'm talking about when other CA has >the same structure for its certificates and i want to take its >certificates as mine or viceversa, let's say, Verisign certificates, is it >technically possible that its certificates and ours could interoperate?? >or maybe with DoD certificates??. Of course it has to be an agreement and >all those, i repeate, technically. > >Any comments or directions will help so please comment, thanks. > >Juan Carlos Albores Aguilar > > >_________________________________________________________ >Do You Yahoo!? >Get your free @yahoo.com address at http://mail.yahoo.com > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
