There's a small debate going on in my company regarding certificates issued and signed by an internal CA. I'm getting the certs, and they say the certs are signed, but when I pull them up in DataPower, I can clearly see that the cert was issued by the CA, but I see no indication it is signed.
It is is signed, shouldn't I also see the "authorityKeyIdentifier" in the "Extensions" section?
NOTICE: developerWorks Community will be offline May 29-30, 2015 while we upgrade to the latest version of IBM Connections. For more information, read our upgrade FAQ.
This topic has been locked.
5 replies Latest Post - 2013-04-05T16:40:12Z by SystemAdmin
Pinned topic How to tell if certificate is signed?
Answered question This question has been answered.
Unanswered question This question has not been answered yet.
Updated on 2013-04-05T16:40:12Z at 2013-04-05T16:40:12Z by SystemAdmin
inestlerode 270001CUTT166 Posts
inestlerode 270001CUTT166 PostsACCEPTED ANSWER
Re: How to tell if certificate is signed?2013-04-05T16:00:10Z in response to SystemAdminThere is no requirement that certificates use the authorityKeyIdentifier extension. The only requirement is that the issuing CA will have its Distinguished Name present in the Issuer field. There may or may not be an authorityKeyIdentifier (this is mainly used to disambiguate which signing key a CA used when a CA uses more than one key for signing).