I'm curious how an SSL certificate issuer is validated, as in, whether that issuer actually issued the certificate. I know the CRL and OCSP should be checked, and that the certificate should be valid. However, most of my searches just say that if the Issuer DN attribute in the certificate matches the issuer certificate's Subject Name, then it is deemed correct.
However, what if I give out a CA with the same Subject name as the issued certificate has as its issuer DN? Not regarding the entire process of getting my root to the user and such.
I also cannot seem to find any more attributes except for two optional attributes which give more information about the issuer.
Can I take an issuer certificate and do some kind of math / operation myself (not just openssl verify, I want to understand it better) to validate the certificate against its said issuer certificate, other than seeing if the names match?
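The operation asked about is a signature check: the issuer signs the certificate's to-be-signed bytes with its private key, and a verifier recomputes the hash and compares it with the signature raised to the issuer's public exponent. The sketch below is an added example, not part of the original post; it uses plain dicts in place of X.509/DER structures, and every name and key in it is constructed for illustration.

```python
import hashlib

# SHA-256 DigestInfo prefix from PKCS#1 v1.5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")
E = 65537

def toy_ca(subject, p, q):
    """Constructed CA record: a name plus an RSA key built from two public primes."""
    n = p * q
    return {"subject": subject, "n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def encode(tbs, n):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || DigestInfo(SHA-256(tbs)), as an integer."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(tbs).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

def issue(ca, subject):
    """CA side: sign the to-be-signed bytes (stand-in for tbsCertificate)."""
    tbs = f"issuer={ca['subject']};subject={subject}".encode()
    sig = pow(encode(tbs, ca["n"]), ca["d"], ca["n"])
    return {"issuer": ca["subject"], "tbs": tbs, "sig": sig}

def names_match(cert, ca):
    """The weak check from the question: Issuer DN equals the CA's Subject."""
    return cert["issuer"] == ca["subject"]

def signature_ok(cert, ca):
    """Verifier side: sig^e mod n must equal the padded hash of the signed bytes."""
    return pow(cert["sig"], ca["e"], ca["n"]) == encode(cert["tbs"], ca["n"])

# Constructed keys from well-known public primes: fine for a demo, useless as real keys.
real_ca = toy_ca("CN=Example Root", 2**255 - 19, 2**256 - 2**32 - 977)
lookalike_ca = toy_ca("CN=Example Root",
                      2**384 - 2**128 - 2**96 + 2**32 - 1, 2**521 - 1)
cert = issue(real_ca, "CN=www.example.test")

if __name__ == "__main__":
    for label, ca in (("real CA", real_ca), ("look-alike CA", lookalike_ca)):
        print(label, "| names match:", names_match(cert, ca),
              "| signature ok:", signature_ok(cert, ca))
```

Both CAs pass the name comparison, but only the key that actually produced the signature passes the second check, which is why a CA with a copied Subject name cannot stand in for the real issuer.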