Ooops, tiny mistake:

> Again, the "fake IC" is a certificate signed by the manufacturer's CA
> with no AKID.

This part was incorrect. It should read "with its SKID".

So the short version is: Simply have the manufacturer's CA sign the CA's IC. Use that IC along with the CA's IC in the server. It should then magically work.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org