This is a discussion on Re: [openssl.org #1282] error setting AuthorityKeyIdentifier - Openssl ; On Fri, Feb 10, 2006, Tim Bond via RT wrote: > > I am doing some interop testing with a toolkit that performs PKIX > certificate verification and it is having a problem validating a chain I > built with ...
On Fri, Feb 10, 2006, Tim Bond via RT wrote:
> I am doing some interop testing with a toolkit that performs PKIX
> certificate verification and it is having a problem validating a chain I
> built with OpenSSL. What appears to be happening is that when 'ca' copies
> in the authority key information into the client certificate, it is pulling
> in the CA subject from my root CA instead of my intermediate CA (marked
> *wrong* below).
> If you look at the following chain (leaf->intermediate->root CA), you will
> notice the subject key/authority keys are correct. The authority serial
> numbers are correct. But, the leaf certificate has the rootCA's subject DN.
> It should be the intermediate CA's subject DN.
This question has been asked quite a few times before. OpenSSLs behaviour is
correct. I suggest you check the archives for detailed reasons.
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
OpenSSL Project http://www.openssl.org
Development Mailing List email@example.com
Automated List Manager firstname.lastname@example.org