Question

Assume I have Alice's certificate, and its certificate chain is built out of N certificates. Is it enough to verify (and trust) the root of the chain (for instance, VeriSign), or do I have to trust (and verify) each and every certificate?

From my understanding, I need to trust and time validate the root of the chain certificate and only time validate all the other certificates in the chain. Am I right?

Solution

You must perform validation of each certificate in the chain, and more - you need to use CRLs and OCSP servers (when the corresponding information is available in the certificates), and as CRLs and OCSP responses are signed, you need to build certificate chains there and validate all of them as well.
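The per-certificate part of that check, as an added example that is not part of the original answer: a Go sketch using only the standard library that walks a chain and rejects it if any link is expired, wrongly signed, or issued by a non-CA, even when the root is trusted. The helper names `issue` and `verifyChain` and all certificates are constructed for illustration; the CRL/OCSP revocation checks the answer also requires are not covered here, and production code would use `x509.Certificate.Verify` for path building.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate signed by parent (self-signed when parent is nil).
func issue(cn string, isCA bool, notAfter time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-48 * time.Hour), NotAfter: notAfter, IsCA: isCA, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// verifyChain checks every certificate in chain (leaf first, root last), not only the root.
func verifyChain(chain []*x509.Certificate, anchor *x509.Certificate, now time.Time) error {
	if len(chain) == 0 || !chain[len(chain)-1].Equal(anchor) {
		return fmt.Errorf("chain does not end at the trusted root")
	}
	issuers := append(chain[1:len(chain):len(chain)], anchor) // chain[i] is issued by chain[i+1]; the root by itself
	for i, c := range chain {
		if now.Before(c.NotBefore) || now.After(c.NotAfter) {
			return fmt.Errorf("%s: outside its validity period", c.Subject.CommonName)
		}
		if err := c.CheckSignatureFrom(issuers[i]); err != nil { // signature valid and issuer is a CA
			return fmt.Errorf("%s: not validly issued by %s: %w", c.Subject.CommonName, issuers[i].Subject.CommonName, err)
		}
	}
	return nil
}

func main() {
	root, rootKey := issue("Constructed Root CA", true, time.Now().AddDate(1, 0, 0), nil, nil)
	mid, midKey := issue("Constructed Intermediate CA", true, time.Now().Add(-time.Hour), root, rootKey) // expired
	alice, _ := issue("alice", false, time.Now().AddDate(1, 0, 0), mid, midKey)
	fmt.Println(verifyChain([]*x509.Certificate{alice, mid, root}, root, time.Now()))
}
```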

License: CC-BY-SA with attribution
Not affiliated with StackOverflow