On Thu, Sep 23, 2004 at 02:47:20PM +0200, Richard Levitte - VMS Whacker wrote:
> That is an entirely different question. You can place all relevant > certificates in a PKCS#12 file, or just concatenate them in one .PEM > file. Would you mind to clear it out for me... It any CA has been cross-certified with another one, all users of that CA have to import their CA's cross-certificate in order to trust users of another CA, but they still has to keep old CA cert, right? What if user import new cross-certificate only, without installing old CA cert? I suppose it depends on functionality of cross-certificate... And the last one, imagine two cross-certified CAs which were, for example, self-signed, suddenly resign their root certs in order to be subordianted by new Root CA (e.g. their new certificates signed by those root CA). What about new certificate chain for users of those CAs, will it be based on cross ceritifcate, of based on new root CA. e.g. CA1 and CA2 are cross-certified, both subordinated by CA0. For user of CA1, picking certificate of user of CA2, the chain will be: [CA1] -- [CA2] or [CA1] -- [CA0] -- [CA2] thanx for advance ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
