[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Trust Anchors

26 feb 2008 kl. 16.19 skrev Thomas Harning Jr:

> Quick Question:
> If a domain controller's certificate is issued by one of the 'Trust  
> Anchors', will it validate successfully,
> or do you have to add the actual DC cert into a trust anchor store  
> in order for it to work?

If its send back in the PK-INIT reply, it doesn't need to be in the  
store in the client. The client only need to be able to build a path  
to any of the trust anchors that it have configured.