On 13.01.2012 10:15, Curt Sampson wrote:
> On 2012-01-13 09:54 +0100 (Fri), Johannes Bauer wrote:
>
>> Let's say I have some "ultimate" root A which has issued a sub-CA "B"
>> for me. I use "B" to create, for example, a certificate for my webserver
>> "D".
>>
>> Now I have clients which should only connect to webservers that have
>> been issued by "D". I configure the webserver to only send "D"....
>
> I think you meant, "B" there.

Ah, yes.

>> I really hope I explained this well enough, it's kind of hard via mail,
>> I'm afraid.
>
> I think I understand exactly what you are doing and why you want to do it.
> (I have similar issues within a system in which I'm working.)

Ah, good, then I explained it well enough :-) Do you have a solution for
your scenario? Do you manually check certificates? Or is there some
workaround?

Best regards,
Joe
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org