This chapter explains some common reasons for authentication failures during the SSL handshake:
Authentication often involves a chain of trusted certificates. The digital signature on a user certificate is verified with the public key from the certificate for the issuing CA. If that CA certificate is a root certificate, the verification process is complete. If that CA certificate was issued by an intermediate CA, the digital signature on the intermediate CA certificate must itself be verified. This process continues along a chain of CA certificates until a root certificate is reached. In such cases, all certificates in the chain must be verified correctly. If the key repository on the machine that is performing the authentication does not contain a valid chain leading to a root certificate, authentication fails. For more information, refer to How certificate chains work.
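The chain walk described above, as an added example (not code from this documentation or from any product it describes). It uses a toy certificate format and textbook RSA over small constructed keys, so every name and value in it is an assumption made for illustration; it shows why a key repository that lacks the intermediate or root certificate causes authentication to fail.

```python
import hashlib

def keypair(p, q, e=65537):
    """Textbook RSA key from two primes: returns (n, e, d). Illustration only."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

def _digest(cert, n):
    # Hash the signed fields (subject, issuer, public key), reduced into the modulus.
    tbs = f"{cert['subject']}|{cert['issuer']}|{cert['pub']}".encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def make_cert(subject, issuer, subject_key, issuer_key):
    """Issue a toy certificate: subject's public key signed with the issuer's private key."""
    n, _, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "pub": subject_key[:2]}
    cert["sig"] = pow(_digest(cert, n), d, n)
    return cert

def signature_ok(cert, issuer_pub):
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == _digest(cert, n)

def verify_chain(cert, repository, max_depth=8):
    """Follow issuer links through the key repository up to a self-signed root."""
    for _ in range(max_depth):
        issuer = repository.get(cert["issuer"])
        if issuer is None:
            return False, f"issuer {cert['issuer']!r} is not in the key repository"
        if not signature_ok(cert, issuer["pub"]):
            return False, f"bad signature on {cert['subject']!r}"
        if cert["subject"] == cert["issuer"]:
            return True, f"chain ends at root {cert['subject']!r}"
        cert = issuer
    return False, "chain exceeds maximum depth"

# Constructed sample data: Root CA -> Intermediate CA -> user certificate.
ROOT_KEY = keypair(2**61 - 1, 2**89 - 1)
INT_KEY = keypair(2**107 - 1, 2**127 - 1)
USER_KEY = keypair(2**17 - 1, 2**19 - 1)
ROOT = make_cert("Root CA", "Root CA", ROOT_KEY, ROOT_KEY)
INTERMEDIATE = make_cert("Intermediate CA", "Root CA", INT_KEY, ROOT_KEY)
USER = make_cert("user", "Intermediate CA", USER_KEY, INT_KEY)
```

Calling `verify_chain(USER, {"Root CA": ROOT})` fails at the first link because the intermediate CA certificate is absent, even though the root is trusted.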
A Certification Authority can revoke a certificate that is no longer trusted by publishing it in a Certificate Revocation List (CRL) or Authority Revocation List (ARL). For more information, refer to Working with Certificate Revocation Lists and Authority Revocation Lists.
For more information about the terms used in this chapter, refer to: