How does the SSLV determine which Certificate Authority to use when multiple versions are present?

book

Article ID: 168807

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

How does the SSL Visibility appliance determine which Certificate Authority to use when multiple versions are present in the External Certificate Authorities?

Resolution

The SSL Visibility's validation engine rebuilds the server certificate chain prior to validation, starting from the bottom of the chain towards the root Certificate Authority (CA). It uses the X.509 extensions to inform the algorithm which CA certificate is next. If a server certificate chain has been signed with a new CA and the SSL Visibility external CAs also has an old version of that CA, the rebuilding algorithm will pick the new CA to use.