How does the SSLV determine which Certificate Authority to use when multiple versions are present?
book
Article ID: 168807
calendar_today
Updated On:
Products
SSL Visibility Appliance Software
Issue/Introduction
How does the SSL Visibility appliance determine which Certificate Authority to use when multiple versions are present in the External Certificate Authorities?
Resolution
The SSL Visibility's validation engine rebuilds the server certificate chain prior to validation, starting from the bottom of the chain towards the root Certificate Authority (CA). It uses the X.509 extensions to inform the algorithm which CA certificate is next. If a server certificate chain has been signed with a new CA and the SSL Visibility external CAs also has an old version of that CA, the rebuilding algorithm will pick the new CA to use.