Frans de Boer wrote: > > @Kyle, one site using multiple CA's? ... > > Frans. >
Not meaning multiple CA's, but rather sub-CA's. As you know the chain to get to the final cert can have several steps. You still have MyCorp or MyOrg as the only self signed CA, but MyOrg-Plants sub CA and MyOrg-Cars is also a CA derived from MyOrg and it simplifies the procedures I mention above at SSLRequire directive, because the filter is based on Sub-CA and not on EVERY client. -- View this message in context: http://www.nabble.com/One-CA-for-many-clients-%28a-silly-question%29-tp24510806p24559727.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
