Thread: Mail for Exchange (MfE). Blame me here, pls
View Single Post
avs is offline avs
2009-12-07 , 13:48
Posts: 1 | Thanked: 0 times | Joined on Dec 2009
#296
Originally Posted by SubCore View Post
"CA" refers to "Certificate Authority".

if this field is not set it means your certificate is not a "public" one, it's not authorized against any of the global providers.
Not really. The CA bit in the certificate is one of the validation path constraints. It means that that certificate is supposed to be able to sign certificates under it. If a cert is not marked as a CA, prudent path validation will fail for any certs that claim to be issued by it.

End-entity certs are supposed not to have this set, even if issued by a known, "global" provider.

See http://www.ietf.org/rfc/rfc3280.txt section 4.2.1.10.