Tuesday, February 19, 2019

ASA Smartcard enabled AnyConnect SSL VPN question

I'm seeing some behavior that goes against my understanding of PKI and was wondering if I could get some input from somebody that has experience with this type of setup. Here is the CA part:

Root CA1
Intermediate CA2 cert issued by CA1

The smartcard has a cert issued by CA2. The ASA only has the Root CA1 cert in its cert store/trustpoint. It does not have the Intermediate CA2 cert in its cert store/trustpoint. According to the documentation, in order for the ASA to authenticate the smartcard cert it needs every cert in the chain. This is also a basic PKI/Chain of Trust concept. However, the ASA is successfully authenticating the smartcard cert. Am I missing something here?
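An added example (not part of the post above, and not Cisco's code) that reproduces the scenario with a constructed three-tier PKI. One way the observed behaviour can occur is that a TLS client's Certificate message carries the intermediate alongside the leaf; a verifier that treats client-supplied certificates as untrusted chain material can then build leaf -> CA2 -> CA1 and anchor on the one root it trusts. That the ASA behaves this way is an assumption here, not something the post confirms. The code generates Root CA1, Intermediate CA2 and a smartcard leaf in memory, then runs the same validation twice: once with only the root available, and once with the intermediate presented by the client. All names and the VerifyClientCert helper are made up for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Chain holds the constructed test PKI: Root CA1 -> Intermediate CA2 -> smartcard leaf.
type Chain struct {
	Root, Intermediate, Leaf *x509.Certificate
}

// template builds a minimal certificate template; CA templates get cert-signing
// key usage, the leaf gets the client-auth EKU a VPN user certificate needs.
func template(cn string, serial int64, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// newCert generates a P-256 key and issues tmpl from parent; a nil parent
// produces a self-signed certificate (the root).
func newCert(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	signer := parentKey
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, nil, err
	}
	return cert, key, nil
}

// BuildChain creates the constructed hierarchy from the post: CA1 signs CA2, CA2 signs the smartcard cert.
func BuildChain() (*Chain, error) {
	root, rootKey, err := newCert(template("Root CA1", 1, true), nil, nil)
	if err != nil {
		return nil, err
	}
	inter, interKey, err := newCert(template("Intermediate CA2", 2, true), root, rootKey)
	if err != nil {
		return nil, err
	}
	leaf, _, err := newCert(template("smartcard user", 3, false), inter, interKey)
	if err != nil {
		return nil, err
	}
	return &Chain{Root: root, Intermediate: inter, Leaf: leaf}, nil
}

// VerifyClientCert models a TLS server's client-cert check (hypothetical stand-in for the ASA):
// trustedRoot is the only certificate in the trustpoint; presented is whatever extra
// certificates the client sent in its Certificate message. Those are used only as
// untrusted chain material and can never act as an anchor themselves.
func VerifyClientCert(leaf, trustedRoot *x509.Certificate, presented []*x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trustedRoot)
	intermediates := x509.NewCertPool()
	for _, c := range presented {
		intermediates.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         roots,
		Intermediates: intermediates,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

func main() {
	ch, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("root only, client sends leaf alone:   ", VerifyClientCert(ch.Leaf, ch.Root, nil))
	fmt.Println("root only, client also sends CA2:      ", VerifyClientCert(ch.Leaf, ch.Root, []*x509.Certificate{ch.Intermediate}))
}
```

The first call fails with an unknown-authority error because nothing links the leaf to CA1; the second succeeds even though CA2 was never installed in the trust store, because the chain is completed from what the client presented. If the ASA accepts the smartcard cert without CA2 in its trustpoint, checking whether the AnyConnect client is sending the intermediate (a packet capture of the TLS handshake shows the Certificate message) is the place to look.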

