Forum Discussion
Erwin_de_Brouwer
Nov 05, 2021Nimbostratus
In PKI the attributes that are used to built the CA chain are:
Preferred method implemented most of the time: AKI/SKI attributes. Authority Key Identifier of the certificate points to the Subject Key Identifier of it's signer -- public key hash values.
Alternative method:: Subject/Issuer attributes. Issuer of the certificate points to the Subject of it's signer -- named values.
Furthermore, validity of a certificate is always checked based on the "valid to" (datetime attribute) and CRL/OCSP checks.