I haven't checked the archives, but if I'm not mistaken, it's because
it's (presumably) the rootCA that is the original trusted authority
(the 'trust anchor'), and thus the authorityKeyIdentifier is the
anchor rather than the CA that derives its trust from the anchor?

(Also: if the question has been asked quite a few times before, why
isn't the answer in the FAQ?)

-Kyle H

On 2/10/06, Dr. Stephen Henson wrote:
> On Fri, Feb 10, 2006, Tim Bond via RT wrote:
>
> This question has been asked quite a few times before. OpenSSLs behaviour=

is
> correct. I suggest you check the archives for detailed reasons.

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org