[Mono-bugs] [Bug 76279][Nor] Changed - CERT_E_CHAINING problem for server certificate

bugzilla-daemon at bugzilla.ximian.com bugzilla-daemon at bugzilla.ximian.com
Mon Oct 3 09:34:09 EDT 2005

Please do not reply to this email- if you want to comment on the bug, go to the
URL shown below and enter your comments there.

Changed by sebastien at ximian.com.


--- shadow/76279	2005-10-03 06:47:32.000000000 -0400
+++ shadow/76279.tmp.3040	2005-10-03 09:34:09.000000000 -0400
@@ -181,6 +181,36 @@
 Yngve Zackrisson.
+------- Additional Comments From sebastien at ximian.com  2005-10-03 09:34 -------
+Remember that the Mono tool for creating certificates is "makecert".
+You are free to use other tools but their specific functions (i.e.
+anything outside the X.509 structure) just won't work. So trusting a
+certificate with OpenSSL won't affect Mono in any way (i.e. it won't
+make this certificate trusted automagically) no more than trusting a
+certificate on Windows would.
+About the stores:
+* Only self-signed that you trust should be installed in Mono's
+'Trust' certificate store. 
+* The 'CA' store is (just like in Windows) for "intermediate CA", i.e.
+for non-self signed CA part of a hierarchy.
+* Having a certificate in 'both' stores _should_ works with the
+current chaining algorithm but this could change anytime so please
+don't depend on that (e.g. as it affects the maximum length of a CA
+About CAs...
+* Is there any reason why you want to have two separate roots for
+issuing SSL server certificates and SSL client certificates ? This
+seems only more work (in particular for client configuration) and
+doesn't help security (as your system will fail if either root is

More information about the mono-bugs mailing list