Re: Derving the root CA's cert from a given SSL cert
No (with qualifications). If the server sends you the entire
certificate chain, then yes you can retrieve the root certificate
since it was sent to you.
If the server only sends you it's certificate, then all you have is
the server's pubic key digitally signed by the issuer. The issuer's
certificate is not embedded within.
On Jun 1, 2005, at 11:01 AM, Davy Durham wrote:
> I was wondering if it's possible to derive (or extract?) the root
> CA's cert from an given SSL cert using openssl.
> What I mean by "root CA's cert" is the certficate that would be
> installed in a browsers list of trusted CAs.
> For instance if I have an SSL certificate signed by verisign, I
> would like to get verisign's certificate out of that cert that
> would have to be in the browser's trusted list (for it to be trust).
> Is this possible?
> OpenSSL Project http://www.openssl.org > User Support Mailing List [hidden email] > Automated List Manager [hidden email] >