OpenSSL 111: authorityKeyIdentifier
Dirk
noadsplease at web.de
Wed Mar 25 16:47:01 UTC 2020
Thank you Victor. Can you point me to the rfc that defines this?
Best
Am 25.03.2020 um 15:32 schrieb Viktor Dukhovni <openssl-users at dukhovni.org>:
>
>
>>
>> On Mar 24, 2020, at 11:12 AM, Dirk Menstermann <noadsplease at web.de> wrote:
>>
>> My expectation (maybe wrong) is that the serial and the issuer name belong to
>> the same X509 certificate that the key id belongs to.
>
> Your expectation is "wrong". The issuer DN in the AKID is in fact
> supposed to be the issuer's issuer. It would be redundant to
> encode the issuer DN there, it is already present in the EE
> certificate.
>
> --
> Viktor.
>
More information about the openssl-users
mailing list