Hi all, I need help finding a document(s) to help me understand cross certification and path building/chaining in the NSS world. I'm currently working on a project where I'd like to come up with the right recipe to build a cross certified CA with ubiquitous API support.
Thus far we have satisfied Windows CAPI, OpenSSL, and Java re: with our cross certificate path, certificate profiles, SSL server config, etc.

We are signing something like this:

*Private root*>subordinate issuing CA>EE cert

The private root is X-certified with the well distributed, publicly trusted GTE Cybertrust Global Root.

During the SSL handshake we are sending:

X-certificate(signed by GTE)>issuing CA>EE Cert

This is done to enable trust by relying applications whose keystores we do not manage. These are typically users and applications outside of our enterprise. On the inside we simply push the private root via policy.

Sending the cross certificate seems to satisfy crypto APIs like MS CAPI, Sun Java, OpenSSL, etc. I can't seem to find the right content for the root/cross certificate to satisfy NSS, to "cross over" from the chain supplied during handshake, and walk up to the pre-loaded GTE root.

Any documentation surrounding NSS's implementation of cross certification, path building, etc. would be much appreciated!

A big thanks again!

~Gordon
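The hierarchy described in the post, as an added example that is not part of the original message and does not represent NSS's path-building code: a toy path builder showing how the same EE certificate resolves to different anchors depending on the relying party's trust store. The certificate records, key ids and the name-plus-key-id matching rule are constructed assumptions; no signatures are verified.

```python
from collections import namedtuple

# Constructed records, not parsed X.509. "ski"/"aki" stand in for the
# subject and authority key identifiers (hypothetical values).
Cert = namedtuple("Cert", "label subject issuer ski aki")

GTE_ROOT = Cert("GTE root", "GTE Cybertrust Global Root",
                "GTE Cybertrust Global Root", "k-gte", "k-gte")
PRIV_ROOT = Cert("private root", "Private Root", "Private Root",
                 "k-priv", "k-priv")
# Cross certificate: same subject name and key as the private root,
# but issued by the public root instead of being self-signed.
CROSS = Cert("cross cert", "Private Root", "GTE Cybertrust Global Root",
             "k-priv", "k-gte")
ISSUING_CA = Cert("issuing CA", "Issuing CA", "Private Root",
                  "k-iss", "k-priv")
EE = Cert("EE cert", "www.example.test", "Issuing CA", "k-ee", "k-iss")

HANDSHAKE = [EE, ISSUING_CA, CROSS]  # what the server sends


def issuers_of(cert, pool):
    """Candidates whose subject name and key id match cert's issuer fields."""
    return [c for c in pool
            if c is not cert and c.subject == cert.issuer and c.ski == cert.aki]


def build_paths(leaf, handshake, anchors):
    """Return every path (as labels) from leaf up to a trust anchor."""
    pool = list(handshake) + list(anchors)
    paths = []

    def walk(cert, path):
        if cert in anchors:          # reached a locally trusted certificate
            paths.append([c.label for c in path])
            return
        for parent in issuers_of(cert, pool):
            if parent not in path:   # guard against issuer loops
                walk(parent, path + [parent])

    walk(leaf, [leaf])
    return paths


if __name__ == "__main__":
    print("external store:", build_paths(EE, HANDSHAKE, [GTE_ROOT]))
    print("internal store:", build_paths(EE, HANDSHAKE, [PRIV_ROOT]))
```

The issuing CA's issuer fields match both the cross certificate and the private root, so a builder has two candidates at that step and the trust store decides which branch terminates.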