Manfred, > since the public key of trust_new.pem is the same as that of trust.pem > it should make no difference when it comes to decrypting the hash of > a-sign.pem ... but I might be totally wrong of course as well...?
this is the issue... the public key and private key of trust.pem are not the same as the keys for trust_new.pem. They have the same fields in the DN, but do not share the same keys (if they do then this is bad practice by the issuers), so it is a different key that signed the a-sign.pem and so your trust chain is broken. Chris... ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
