On 08/14/2014 01:31 PM, lst_hoe02(a)kwsoft.de wrote:
Hello,
we have one certificate from a customer which throws the following error
and is therefore not usable for description: "Error building certPath.
Subject email address is not from a permitted subtree."
Other certificates from the same company works fine and i have not yet
find out what the difference is :-(
Any idea what went wrong with this certificate?
Certificates may have name constraints (although this is not (yet) often
used which constrain the usage of the certificate to some specific tree.
For example this is used to issue an intermediate certificate which is
then only allowed to issue certificate with an email address from some
specific domain instead of all domains (the name constraint).
Can you send me the certificate (the complete tree if that is possible)
so I can investigate it.
Kind regards,
Martijn Brinkers
--
CipherMail email encryption
Open source email encryption gateway with support for S/MIME, OpenPGP
and PDF messaging.
http://www.ciphermail.com
Twitter:
http://twitter.com/CipherMail