The Bridge CA is a CA (hub) to bridge the two different CAs, so there is no
need to have a self-signed certificate for BridgeCA.
If you are a relying party in the Root CA1 domain and you want to create a
certificate path, you will probably have:
SelfCert1byRootCA1, CrossCertFromRootCA1toBridgeCA,
CrossCertFromBridgeCAtoRootCA2, UserCertByRootCA2
----- Original Message -----
From: "Suram Chandra Sekhar" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, December 09, 2005 10:22 PM
Subject: Doubt regarding x509_verify_cert
Hi,
I have a doubt regarding the x509_verify_cert.
I used openssl to generate two Root CA certificates (Self signed) say
Root CA1, Root CA2. I got two self-certificates say SelfCert1 from Root
CA1 and SelfCert2 from Root CA2.
In an effort to simulate a bridge CA, one more root CA is generated say
BridgeCA. I simulated a cross certification to RootCA1 by BridgeCA (Say
CCofRootCA1ByBridgeCA with Issuer as BridgeCA, Subject: RootCA1, PubKey of
RootCA1).
Now I try to verify SelfCert1, CCofRootCA1ByBridgeCA, BridgeCA using
x509_verify_cert. This function is throwing an error saying "unable to
find the local issuer cert" for SelfCert1.
My question is:
1. Is the above scenario correct?
2. If so, why should it fail?
I expect it to work because the issuer name of SelfCert1 (RootCA1) is
the subject name in CCofRootCA1ByBridgeCA whose IssuerName, BridgeCA is
the subjectName in BridgeCA which is self-signed.
Awaiting your valuable responses...
Regards
Suram
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
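
Added example, not part of the original thread and not OpenSSL code: a name-chaining model of the certificate path the reply lists for a relying party anchored at Root CA1. It matches issuer and subject names only (no signatures, validity dates or constraints); the `Cert` class, the `build_path` and `labels` functions and the subject name `User` are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:              # constructed model: names only, no keys or signatures
    label: str
    issuer: str
    subject: str

def build_path(target, pool, anchor):
    """Chain issuer -> subject names from target up to the trust anchor.
    Returns the path anchor-first, or None when no chain exists."""
    def walk(cert, seen):
        if cert == anchor:
            return [cert]
        for cand in pool:
            # 'seen' stops loops, which two-way cross-certificates create
            if cand.subject == cert.issuer and cand not in seen:
                upper = walk(cand, seen | {cand})
                if upper:
                    return upper + [cert]
        return None
    return walk(target, {target})

def labels(path):
    return [c.label for c in path] if path else None

# Certificates named as in the thread; subject "User" is a constructed value.
ANCHOR = Cert("SelfCert1byRootCA1", "RootCA1", "RootCA1")
CA1_TO_BRIDGE = Cert("CrossCertFromRootCA1toBridgeCA", "RootCA1", "BridgeCA")
BRIDGE_TO_CA1 = Cert("CCofRootCA1ByBridgeCA", "BridgeCA", "RootCA1")
BRIDGE_TO_CA2 = Cert("CrossCertFromBridgeCAtoRootCA2", "BridgeCA", "RootCA2")
USER = Cert("UserCertByRootCA2", "RootCA2", "User")

# Both cross-certificate directions present: the path from the reply is found.
FULL_POOL = [BRIDGE_TO_CA1, ANCHOR, CA1_TO_BRIDGE, BRIDGE_TO_CA2, USER]
# Only the BridgeCA -> RootCA1 direction: nothing has subject BridgeCA.
ONE_WAY_POOL = [ANCHOR, BRIDGE_TO_CA1, BRIDGE_TO_CA2, USER]

if __name__ == "__main__":
    print(labels(build_path(USER, FULL_POOL, ANCHOR)))
    print(labels(build_path(USER, ONE_WAY_POOL, ANCHOR)))
```

In this model a cross-certificate issued by BridgeCA to RootCA1 does not help a relying party anchored at Root CA1; the path needs the certificate issued by RootCA1 to BridgeCA.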