Certificate chaining engine (CCE) - choice between "extact match" and "key match"


  • Hello,

    I know that there are 2 modes for rebuilding the certification chain.

    One is the "exact mach":

    In the AKI there is keyid, subject name and the serial number of the issuer's cert. So in the issuer's certificate the KeyInfo has to match the KeyInfo into the SKI, the subject name has to the subject in the cert, and the serial number has to match the one in the cert

    Concerning the "key match", there is only the keyid in the AKI that has to match the SKI of the issuer's cert

    The question how to choose between these two modes, can we switch from one mode to the other one?



    Thursday, June 14, 2018 8:48 AM


All replies