PKCS 7 and PKCS 12 Certificate Processing

If a PKCS 7 certificate package contains more than one certificate, the product considers all certificates except the first certificate to be certificate authority (CA) certificates. For a PKCS 12 certificate package, any certificate that lacks a “local key ID” is considered a CA certificate.

The product sorts the CA certificates (to determine the hierarchy) and then inserts the certificates in hierarchical order under the CERTAUTH ID so that each certificate in the package can be verified using its previously inserted signing certificate. The inserted CA certificates have a record ID in AUTOnnnn format, where nnnn is a number between 0001 and 9999. The product also inserts the end-entity certificate.

Note: The highest-level CA certificate will not necessarily have an AUTOnnnn number less than the other CA certificates being inserted.

A CA certificate that is already known to CA Top Secret retains its existing trust status. If an error occurs while adding certificates from a certificate package, the product does not perform CERTAUTH assignments for the certificates that were already added.
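The classification and hierarchical ordering rules described above, as an added illustration that is not CA Top Secret's own code: certificates are modelled as plain dicts with "subject", "issuer" and (for PKCS 12) "local_key_id" fields, and a CA certificate whose issuer is not in the package is assumed to be already known to the product and therefore insertable at once.

```python
# Added illustration of the package-processing rules; not the product's code.
# Certificates are modelled as dicts with "subject", "issuer" and, for PKCS 12
# packages only, an optional "local_key_id" field (assumption).

def split_package(package_type, certs):
    """Return (ca_certs, end_entity_certs) for a PKCS 7 or PKCS 12 package."""
    if package_type == "PKCS7":
        # Every certificate after the first is treated as a CA certificate.
        return certs[1:], certs[:1]
    if package_type == "PKCS12":
        # A certificate without a local key ID is treated as a CA certificate.
        cas = [c for c in certs if c.get("local_key_id") is None]
        return cas, [c for c in certs if c not in cas]
    raise ValueError(f"unsupported package type: {package_type}")

def order_for_insertion(ca_certs):
    """Order CA certificates so that each one's signer precedes it.

    A self-signed certificate, or one whose issuer is not in the package
    (assumed already known to the product), can be inserted immediately;
    every other certificate waits until its issuer has been placed.
    """
    subjects = {c["subject"] for c in ca_certs}
    ordered, placed, pending = [], set(), list(ca_certs)
    while pending:
        ready = [c for c in pending
                 if c["issuer"] == c["subject"]
                 or c["issuer"] in placed
                 or c["issuer"] not in subjects]
        if not ready:
            raise ValueError("no insertable certificate: broken or cyclic chain")
        for c in ready:
            ordered.append(c)
            placed.add(c["subject"])
            pending.remove(c)
    return ordered

def insertion_plan(package_type, certs):
    """CA subjects in insertion order, followed by the end-entity subjects."""
    cas, ees = split_package(package_type, certs)
    return ([c["subject"] for c in order_for_insertion(cas)],
            [c["subject"] for c in ees])

# Constructed sample: a PKCS 7 package with the end-entity certificate first
# and the CA certificates listed in reverse hierarchical order.
SAMPLE_PKCS7 = [
    {"subject": "CN=server01", "issuer": "CN=Issuing CA"},
    {"subject": "CN=Issuing CA", "issuer": "CN=Policy CA"},
    {"subject": "CN=Policy CA", "issuer": "CN=Root CA"},
    {"subject": "CN=Root CA", "issuer": "CN=Root CA"},
]
```

Calling `insertion_plan("PKCS7", SAMPLE_PKCS7)` yields the root CA first, then the policy and issuing CAs, then the server certificate, which is the order in which each certificate can be verified against its previously inserted signer.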