Re: Trusting certificates with the same subject name and overlapping validity periods

On 9/20/2017 10:28 AM, Walter H. via openssl-users wrote:
> On 20.09.2017 18:33, Jordan Brown wrote:
>> Q:  Does OpenSSL's trust-list verification support trusting multiple certificates with the same subject name and overlapping validity periods?
>
> Do these replacement certificates have the same serial number and the same private key?

I'll check with my colleague who is doing the actual work, but...

I assume that they do not have the same serial number, since they are new certificates.

I don't know whether they have the same private key.  For discussion purposes, let's say that they might or might not have the same key.

Remember that these are customer-controlled certificates; I don't get to tell them how the certificates should be structured.

Note that this would be easy if each successive certificate had a different Subject, because then the trust list could contain all of them and there would be no possibility for confusion.  But they don't.

-- 
Jordan Brown, Oracle Solaris
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
