[openssl-users] OpenSSL Certificate Cross Signing

Moritz Wirth mw at flanga.io
Wed Mar 15 18:46:07 UTC 2017

Good Evening all,

I have 2 Root Certificate Authorities which I want to use to cross sign
an intermediate certificate. I created a certificate request and signed
it with both CAs.

I issued an end user certificate with the intermediate CA and added both
intermediate CA Certificates (the one from Root1 and the one signed by
Root2). If only one CA is trusted, the certificate is still recognized
as trusted in Firefox regardless which certificate is on top of the
chain (Which is exactly what I want.)

I wondered if I can connect both intermediate Certificates to a single
certificate or do I always need both certificates?

Best Regards,


More information about the openssl-users mailing list