Gordon.Young wrote, On 2008-08-05 19:45:

> I need help finding a document(s) to help me understand cross
> certification and path building/chaining in the NSS world.  

The document you want probably doesn't exist. :-(

> we are doing signing something like this:
> 
> *Private root*>subordinate issuing CA>EE cert
> 
> the private root is X-certified with the well distributed, publicly
> trusted GTE Cybertrust Global Root. during SSL Handshake we are
> sending:
> 
> X-certificate(signed by GTE)>issuing CA>EE Cert

That should work fine, assuming that the chain passes all the tests
that RFC 3280 would apply to it.

> sending the cross certificate seems to satisfy crypto API's like MS
> CAPI, Sun Java, Openssl, etc. I can't seem to find the right content
> for the root/cross certificate to satisfy NSS, to "Cross over" from
> the chain supplied during handshake, and walk up to the pre-loaded GTE
> root.

What specific error codes do you experience when you try that chain
with NSS?

Do you have a publicly accessible server that exhibits this?
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to