... | @@ -35,6 +35,8 @@ Note 2: each CA shall be provided with an associated Certificate Revocation List |
... | @@ -35,6 +35,8 @@ Note 2: each CA shall be provided with an associated Certificate Revocation List |
|
|
|
|
|
Note 3: certificates issued by trusted CA don't need to be provided to the PKI.
|
|
Note 3: certificates issued by trusted CA don't need to be provided to the PKI.
|
|
|
|
|
|
|
|
Note 4: unknown self-signed certificates are not trustworthy.
|
|
|
|
|
|
In addition, there are two more concepts:
|
|
In addition, there are two more concepts:
|
|
* A link (or intermediate) CA is part of the certificate validation chain. All links between a certificate and a root certificate must be provided (and sorted in child to parent order).
|
|
* A link (or intermediate) CA is part of the certificate validation chain. All links between a certificate and a root certificate must be provided (and sorted in child to parent order).
|
|
* A root CA is always trusted, even if there are other root CAs that signed it. Hence the parent of root CAs will never be checked, and the validation stops on root CAs.
|
|
* A root CA is always trusted, even if there are other root CAs that signed it. Hence the parent of root CAs will never be checked, and the validation stops on root CAs.
|
... | | ... | |
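Review bot: The added Note 4 does not define "unknown", which leaves it ambiguous next to the root CA bullet in the trailing context of this hunk ("A root CA is always trusted ... the validation stops on root CAs"), since a root CA is normally self-signed too. Consider stating both the criterion and the outcome, for example "Note 4: a self-signed certificate that has not been provided as a root CA is not trusted and fails validation", if that is the intended behaviour. "Not trustworthy" also reads as a judgement rather than a validation result; saying explicitly whether such a certificate is rejected would remove the doubt.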