OpenSSL › OpenSSL - User

Derving the root CA's cert from a given SSL cert

_‹ Previous Topic Next Topic _›

Classic

List

Threaded

2 messages Options

Davy Durham

Derving the root CA's cert from a given SSL cert

Hi,
I was wondering if it's possible to derive (or extract?) the root CA's
cert from an given SSL cert using openssl.

What I mean by "root CA's cert" is the certficate that would be
installed in a browsers list of trusted CAs.

For instance if I have an SSL certificate signed by verisign, I would
like to get verisign's certificate out of that cert that would have to
be in the browser's trusted list (for it to be trust).

Is this possible?

Thanks,
Davy

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]

Joseph Oreste Bruni

Re: Derving the root CA's cert from a given SSL cert

No (with qualifications). If the server sends you the entire
certificate chain, then yes you can retrieve the root certificate
since it was sent to you.

If the server only sends you it's certificate, then all you have is
the server's pubic key digitally signed by the issuer. The issuer's
certificate is not embedded within.

On Jun 1, 2005, at 11:01 AM, Davy Durham wrote:

> Hi,
> I was wondering if it's possible to derive (or extract?) the root
> CA's cert from an given SSL cert using openssl.
>
> What I mean by "root CA's cert" is the certficate that would be
> installed in a browsers list of trusted CAs.
>
> For instance if I have an SSL certificate signed by verisign, I
> would like to get verisign's certificate out of that cert that
> would have to be in the browser's trusted list (for it to be trust).
>
>
> Is this possible?
>
> Thanks,
> Davy
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [hidden email]
> Automated List Manager [hidden email]
>

smime.p7s (3K) Download Attachment