The RFC 5280 is for path building and validation when certificates are being
used. It is not meant for validation during certificate creation. As Rich
indicated OpenSSL will sign anything you present.
With kind regards,
Patrick Tronnier
Principal Security Architect &
Sr. Director of Qua
CA it has in SSLCACertificateFile? Yes. And if "who"
signed the client certificate is NOT in the SSLCACertificateFile the server
will attempt to download the signing certificate.
Hope this helps.
Sincerely,
Patrick Tronnier
Principal Security Architect
Open Access Technology Internat
Have you tried this with a non "self signed certificate". ie. The subject
and issuer of the cert should be different for client/end user certs.
Sincerely,
Patrick Tronnier
Principal Security Architect
www.oaticerts.com
CONFIDENTIAL INFORMATION: This email and any attachment(
