Validate signatures using Anchored certificate trust model

irfan sarwar isarwar3334 at
Mon May 13 17:04:55 EDT 2019


above is the documentation i found which i believe is stating i need to use
PKIX (also known as dynamic pkix) or StaticPKIX in order to make use of the
anchored trust model.
what's missing is only StaticPKIX has an explicitly listed attribute for
CRL revocation check.  (checkRevocation fullchain)
1.) Does this mean CRL is automatically done on the dynamic PKIX?
2.) what about checking expiration?
3.) does this mean all I would need to do for an Anchor verification is set
the trust engine like so:
         <TrustEngine type="PKIX">
and my requirement for Validating signatures using Anchored certificate
trust model would be complete?

above lists 3 types of trust engines, not 4 but the text says there are 4.

Thank you,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list