Posted on October 31, 2016 at 09:55Hi Mikael,
about revoked certificates: ''Each party is responsible for verifying that the other’s certificate is valid and has not expired or been revoked. In case of one-way or mutual authentication, because certificate validation requires that root CA keys are distributed independently, it is assumed that the remote end already possess root CA certificate to accomplish the validation.''
About chains, yes, SPWF01Sx have this capability.
''Usually the certificate validation isn’t made by just one CA, but instead by a certificate chain. The chain, or path, begins with the certificate of that entity, and each certificate in the chain is signed by the entity identified by the next certificate in the chain. The chain terminates with a root CA certificate. The root CA certificate is always signed by itself, it has to be considered as a trusted CA and has to be available in the application (e.g. TLS client, web browser). The signatures of all certificates in the chain have to be verified until the root CA certificate is reached. [...] In some cases it would be easier and less expensive using self-signed certificates, for example for testing purposes or when the parties know and trust each other. A self-signed certificate is a certificate that is signed by the same entity whose identity it certifies, i.e. there is no need to an external CA.''
Regards
jerry
