[openssl-users] Trusting certificates with the same subject name and overlapping validity periods

Jordan Brown openssl at jordan.maileater.net
Wed Sep 20 16:33:53 UTC 2017


Q:  Does OpenSSL's trust-list verification support trusting multiple
certificates with the same subject name and overlapping validity periods?

In more detail:

We have customers who issue replacement certificates with the same
subject name and different validity periods.  We'd like to be able to
straightforwardly add the new certificates to the trust list and have
them work, but seem to find that certificate verification doesn't handle
the case.  (Mozilla NSS does seem to handle it.)

-- 
Jordan Brown, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170920/dd73b6f5/attachment.html>


More information about the openssl-users mailing list