Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?

authority extension identifier incorrectly key OpenSSL
0
Posted

Why does OpenSSL set the authority key identifier (AKID) extension incorrectly?

0 CommentsAdd a Comment

1 Answer

0

It doesn’t: this extension is often the cause of confusion. Consider a certificate chain A->B->C so that A signs B and B signs C. Suppose certificate C contains AKID. The purpose of this extension is to identify the authority certificate B. This can be done either by including the subject key identifier of B or its issuer name and serial number. In this latter case because it is identifying certifcate B it must contain the issuer name and serial number of B. It is often wrongly assumed that it should contain the subject name of B. If it did this would be redundant information because it would duplicate the issuer name of C.

0 CommentsAdd a Comment

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.

Experts123