The Bridge CA is a CA (hub) to bridge the two different CAs, so there is no
need to have a self-signed certificate for BridgeCA.
If you are a relying party in the Root CA1 domain and you want to create a
certificate path, you will probably have:
SelfCert1byRootCA1, CrossCertFromRootCA1toBridgeCA,
CrossCertFromBridgeCAtoRootCA2, UserCertByRootCA2
----- Original Message -----
From: "Suram Chandra Sekhar" <[hidden email]>
To: <[hidden email]>
Sent: Friday, December 09, 2005 10:22 PM
Subject: Doubt regarding x509_verify_cert
> Hi,
> I have a doubt regarding the x509_verify_cert.
>
> I used openssl to generate two Root CA certificates (Self signed) say
> Root CA1, Root CA2. I got two self-certificates say SelfCert1 from Root
> CA1 and SelfCert2 from Root CA2.
>
> In an effort to simulate a bridge CA, one more root CA is generated say
> BridgeCA. I simulated a cross certification to RootCA1 by BridgeCA (Say
> CCofRootCA1ByBridgeCA with Issuer as BridgeCA, Subject: RootCA1, PubKey of
> RootCA1).
>
> Now I try to verify SelfCert1, CCofRootCA1ByBridgeCA, BridgeCA using
> x509_verify_cert. This function is throwing an error saying "unable to
> find the local issuer cert" for SelfCert1.
>
> My questions are:
> 1. Is the above scenario correct?
> 2. If so, why should it fail?
> I expect it to work because the issuer name of SelfCert1 (RootCA1) is
> the subject name in CCofRootCA1ByBridgeCA, whose issuer name, BridgeCA, is
> the subject name in BridgeCA, which is self-signed.
>
> Awaiting your valuable responses...
>
> Regards
> Suram
>
>
> ______________________________________________________________________
> OpenSSL Project                 http://www.openssl.org
> User Support Mailing List       [hidden email]
> Automated List Manager          [hidden email]
>
>
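The path listed in the reply, built and checked with the openssl command line. This is an added example, not part of the original thread: the file names follow the reply's certificate names, while the key size, lifetimes, serial numbers and the choice to pass the cross certificates with -untrusted are assumptions.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI: every key, name and file here is made up for the demo.
bridge_demo() {
  local d rc=0
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1
    # CA certificates need CA:TRUE, otherwise path validation rejects them as issuers.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    for n in RootCA1 BridgeCA RootCA2 User; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -subj "/CN=$n" -out "$n.csr" 2>/dev/null || exit 1
    done
    # issue <csr-name> <issuer-cert> <issuer-key> <serial> <out-file> [extfile]
    issue() {
      openssl x509 -req -in "$1.csr" -CA "$2" -CAkey "$3" -set_serial "$4" \
        -days 30 -sha256 ${6:+-extfile "$6"} -out "$5" 2>/dev/null
    }
    # Trust anchor of the relying party: the only self-signed certificate in the path.
    openssl x509 -req -in RootCA1.csr -signkey RootCA1.key -days 30 -sha256 \
      -extfile ca.ext -out SelfCert1byRootCA1.pem 2>/dev/null || exit 1
    # RootCA1 certifies BridgeCA; BridgeCA never gets a self-signed certificate.
    issue BridgeCA SelfCert1byRootCA1.pem RootCA1.key 2 \
      CrossCertFromRootCA1toBridgeCA.pem ca.ext || exit 1
    # BridgeCA certifies RootCA2, signing with its key under its cross-certified name.
    issue RootCA2 CrossCertFromRootCA1toBridgeCA.pem BridgeCA.key 3 \
      CrossCertFromBridgeCAtoRootCA2.pem ca.ext || exit 1
    # RootCA2 issues the end-entity certificate (no CA extensions).
    issue User CrossCertFromBridgeCAtoRootCA2.pem RootCA2.key 4 \
      UserCertByRootCA2.pem || exit 1
    cat CrossCertFromRootCA1toBridgeCA.pem CrossCertFromBridgeCAtoRootCA2.pem > cross.pem
    # Judge by the "<file>: OK" line rather than the exit status.
    check() { if "$@" 2>&1 | grep -q ': OK$'; then echo OK; else echo FAIL; fi; }
    echo "with_cross_certs=$(check openssl verify -CAfile SelfCert1byRootCA1.pem \
      -untrusted cross.pem UserCertByRootCA2.pem)"
    # Without the cross certificates no issuer can be found for the user certificate.
    echo "without_cross_certs=$(check openssl verify -CAfile SelfCert1byRootCA1.pem \
      UserCertByRootCA2.pem)"
  ) || rc=1
  rm -rf "$d"
  return "$rc"
}
bridge_demo
```

Only SelfCert1byRootCA1 is trusted here; the two cross certificates are supplied as untrusted intermediates and are accepted only because they chain to that anchor.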