[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [iaik-ssl] ChainVerifier and VeriSign



Hi,

Below are the two certificates I try to import:

-----BEGIN CERTIFICATE-----
MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
-----END CERTIFICATE-----   
-----BEGIN CERTIFICATE-----
MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
-----END CERTIFICATE----- 

Any hint you can give is appreciated!

/Mårten



-----Original Message-----
From: "Ahmed, Zahid" <zahid.ahmed@commerceone.com>
To: 'Marten Larsson-Trolin' <marten@mail.ru>
Date: Thu, 28 Dec 2000 11:27:51 -0800
Subject: RE: [iaik-ssl] ChainVerifier and VeriSign

> Can you provide thye specific Verisign root certificate fille
> (in .cer or pkcs7 format) please?
> 
> thanks,
> Zahid
> 
> -----Original Message-----
> From: Marten Larsson-Trolin [mailto:marten@mail.ru]
> Sent: Thursday, December 28, 2000 9:01 AM
> To: iaik-ssl@iaik.at
> Subject: [iaik-ssl] ChainVerifier and VeriSign
> 
> 
> I have a problem when using the ChainVerifier and VeriSign root
> certificates. The VeriSign root certificate expired Dec 31 1999, but is
> still being used to sign server certificates. Meanwhile, VeriSign has issued
> a new root certificate, but it has the same Principal field as the old one.
> 
> The ChainVerifier (iaik.security.ssl.ChainVerifier) keeps a hashtable which
> maps Principal to certificates. Since both VeriSign root certificates have
> the same Principal, only one of them can be in the ChainVerfier's list of
> trusted certificates.
> 
> Since the old one is still being used, but I guess the intention is to start
> using the new one, I would like to have both these root certificates as
> trusted. Is there a nice way to accomplish this, or maybe I am missing
> something obvious here?
> 
> Best regards,
> 
> Mårten Trolin
> --
> Mailinglist-archive at
> http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html
> 
> To unsubscribe send an email to listserv@iaik.at with the folowing content:
> UNSUBSCRIBE iaik-ssl
>  
> 
--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl