Test Case 1:
Add the subdepart.testhosp.com cert (signed by Test Hospital CA) to test.com’s trust anchor.
subdepart.testhosp.com and test.com can talk to each other successfully.
Test Case 2:
Add Test Hospital CA (signed by Mock CA) to test.com’s trust anchor.
subdepart.testhosp.com and test.com can talk to each other successfully.
Test Case 3:
Add Mock CA (self-signed) to test.com’s trust anchor.
subdepart.testhosp.com and test.com can talk to each other successfully.
NOTICE:
1. In the Java reference implementation, the Direct Project by default supports a maximum trust chain length of 5 (hard-coded).
2. Each intermediate CA must have a CN attribute that is the same as its domain. For example, in test case 2, the issuer CA of subdepart.testhosp.com is Test Hospital CA, and the issuer CA of Test Hospital CA is mockCA.com. So if subdepart.testhosp.com’s issuer CA (Test Hospital CA) is not in the trust list, then Test Hospital CA must have its CN set to testhosp.com; otherwise, Direct will not know where to retrieve the certificate of testhosp.com.
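The three test cases and the two notices above, as a simplified model added here (not code from the Direct reference implementation): it chains certificates by name only and performs no signature checks. `Cert`, `build_path` and the `directory` lookup are hypothetical names, the certificates are constructed, and counting every certificate in the path toward the limit of 5 is an assumption.

```python
from dataclasses import dataclass

MAX_CHAIN_LENGTH = 5  # limit from the page; counting every cert in the path is an assumption

@dataclass(frozen=True)
class Cert:
    subject_cn: str
    issuer_cn: str

def build_path(leaf, anchors, directory):
    """Follow issuer names from leaf to a trust anchor; None if none is reachable.

    anchors: set of Cert the receiving domain trusts.
    directory: dict of domain -> Cert, a hypothetical stand-in for looking up
    a missing issuer certificate by the domain named in its CN.
    """
    path, current = [leaf], leaf
    while current not in anchors:
        if current.issuer_cn == current.subject_cn:
            return None  # reached a self-signed cert that is not trusted
        if len(path) >= MAX_CHAIN_LENGTH:
            return None  # chain longer than the supported maximum
        issuer = next((a for a in anchors if a.subject_cn == current.issuer_cn),
                      directory.get(current.issuer_cn))
        if issuer is None:
            return None  # issuer is not an anchor and its CN resolves to nothing
        path.append(issuer)
        current = issuer
    return path

# Constructed certificates mirroring the chain in the test cases.
MOCK_CA = Cert("mockCA.com", "mockCA.com")            # self-signed root
HOSP_CA = Cert("testhosp.com", "mockCA.com")          # Test Hospital CA, CN = its domain
LEAF = Cert("subdepart.testhosp.com", "testhosp.com")
DIRECTORY = {"testhosp.com": HOSP_CA}

# Same chain, but the intermediate's CN is a display name instead of its domain.
HOSP_CA_BAD = Cert("Test Hospital CA", "mockCA.com")
LEAF_BAD = Cert("subdepart.testhosp.com", "Test Hospital CA")
DIRECTORY_BAD = {"testhosp.com": HOSP_CA_BAD}

def names(path):
    return None if path is None else [c.subject_cn for c in path]

if __name__ == "__main__":
    for label, anchors in (("case 1", {LEAF}), ("case 2", {HOSP_CA}), ("case 3", {MOCK_CA})):
        print(label, names(build_path(LEAF, anchors, DIRECTORY)))
    print("bad CN, root anchor:", names(build_path(LEAF_BAD, {MOCK_CA}, DIRECTORY_BAD)))
    print("bad CN, CA anchored:", names(build_path(LEAF_BAD, {HOSP_CA_BAD}, DIRECTORY_BAD)))
```

With the root as the only anchor, the chain with the display-name CN fails because the missing intermediate cannot be located; anchoring that intermediate directly makes the same chain succeed.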