[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-ssl] ChainVerifier and VeriSign

I have a problem when using the ChainVerifier and VeriSign root certificates. The VeriSign root certificate expired Dec 31 1999, but is still being used to sign server certificates. Meanwhile, VeriSign has issued a new root certificate, but it has the same Principal field as the old one.

The ChainVerifier (iaik.security.ssl.ChainVerifier) keeps a hashtable which maps Principal to certificates. Since both VeriSign root certificates have the same Principal, only one of them can be in the ChainVerfier's list of trusted certificates.

Since the old one is still being used, but I guess the intention is to start using the new one, I would like to have both these root certificates as trusted. Is there a nice way to accomplish this, or maybe I am missing something obvious here?

Best regards,

Mårten Trolin
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl