[openssl-users] Trusting certificates with the same subject name and overlapping validity periods
openssl at jordan.maileater.net
Wed Sep 20 21:13:14 UTC 2017
On 9/20/2017 10:28 AM, Walter H. via openssl-users wrote:
> On 20.09.2017 18:33, Jordan Brown wrote:
>> Q: Does OpenSSL's trust-list verification support trusting multiple
>> certificates with the same subject name and overlapping validity periods?
> do these replacement certificates have the same serial number and the
> same private key?
I'll check with my colleague who is doing the actual work, but...
I assume that they do not have the same serial number, since they are
I don't know whether they have the same private key. For discussion
purposes, let's say that they might or might not have the same key.
Remember that these are customer-controlled certificates; I don't get to
tell them how the certificates should be structured.
Note that this would be easy if each successive certificate had a
different Subject, because then the trust list could contain all of them
and there would be no possibility for confusion. But they don't.
Jordan Brown, Oracle Solaris