Gordon.Young wrote, On 2008-08-05 19:45: > I need help finding a document(s) to help me understand cross > certification and path building/chaining in the NSS world.
The document you want probably doesn't exist. :-( > we are doing signing something like this: > > *Private root*>subordinate issuing CA>EE cert > > the private root is X-certified with the well distributed, publicly > trusted GTE Cybertrust Global Root. during SSL Handshake we are > sending: > > X-certificate(signed by GTE)>issuing CA>EE Cert That should work fine, assuming that the chain passes all the tests that RFC 3280 would apply to it. > sending the cross certificate seems to satisfy crypto API's like MS > CAPI, Sun Java, Openssl, etc. I can't seem to find the right content > for the root/cross certificate to satisfy NSS, to "Cross over" from > the chain supplied during handshake, and walk up to the pre-loaded GTE > root. What specific error codes do you experience when you try that chain with NSS? Do you have a publicly accessible server that exhibits this? _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto