- You should not share the
*pfxas it contains the private key.
- The trust to the signature comes from the trust chain – so when the issuing CA and all intermediate CAs up to the root CA are in the trust store (
Windows Trust Store,
MAC Key Chainor
cacerts.pemfor OpenSSL/Java) the signature is trusted as long as
- the certificate is not revoked
- the signature certificate is not expired or the signature contains a counter signature (RFC3161 timestamp).
CLICK HERE to find out more related problems solutions.