21 Aug
2008
21 Aug
'08
11:53 a.m.
Andrew Hood wrote:
Pardon me if I've missed something, but as far as I can tell the server cert isn't authorised to sign client certs, so I can't see how it could work. The CA can sign client certs.
There can be multiple levels of CA's. Verisign, your company, the local division, etc. This is all specifically allowed, and required, by SSL. My suggestion was that maybe what's needed was to mark the server cert with the CA properties. The server cert would then be an intermediate CA, which is Just Fine. Alan DeKok.