Shaun Crampton wrote:
Hi,
I have a server that needs to serve content to two groups of clients
over HTTPS. One group of clients are standard web browsers, with the
normal group of trusted roots. The other group are embedded devices
that only support certificates signed by the manufacturer's trusted
root (which in not a standard browser trusted root).
Is there any way to accomplish this while using only one domain? E.g.
is it possible for me to send a CSR to Thawte, get back the
certificate and then send it on to the embedded device manufacturer
for an additional signature? Will browsers support it?
are these embedded device certificates the device's client certs? or
do they require that the SERVER cert is issued from this manufacturer CA ?
if its just the client certs, then you just need to import the
manufacturer's public CA cert on your server to authenticate the client
certs.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
