Re: X509v3 extensions

Mon, 27 Sep 1999 23:34:15 -0700 

Thanks for the response, but it seems you've misunderstood me.

 >> Now, I took a look at the certs, I noticed that all of them
 >> start with "-----BEGIN X509 CERTIFICATE-----".  When I originally
 >> got these from Thawte, the header was "-----BEGIN CERTIFICATE-----".

 >Yes, OpenSSL looks for "BEGIN CERTIFICATE", so just
 >remove the "X509" part and try again.


When I said "all of them" I was referring to the Thawte certs that
has already been installed using the stronghold "getverisign" command
over a year ago, using our old software. I have no problem with these,
they work fine with OpenSSL & mod_ssl.

The *new* cert I have from Thawte starts with just 
"-----BEGIN CERTIFICATE-----", as all of the others I have ever
gotten in the past from Thawte.  The only difference now is that
this is a v3 cert, not v1, as all these others were.

You said to remove the X590, but it isn't there.  The new cert from
Thawte doesn't have this in the header and it still won't work.
Please again see my original message.

http://www.progressive-comp.com/Lists/?l=apache-modssl&m=93808996711717&w=2

The main problem is that the 'Makefile' in 'ssl.crt' doesn't
recognize the new style v3 cert from Thawte and thus will not
create a "hash link" for it.

Is there some sort of equivelent to the "getversign" command
in OpenSSL?  Or was the purpose or the getverisign command
simply to move the cert from a temp file into the "certs"
directory and create a hash link?

I have put my time in on this one, I have spent almost 15 hours
on the problem.  Can somebody please shed some light?


Thank you..
-Chris




At 11:36 AM 9/27/1999 +0200, you wrote:
>On Wed, Sep 22, 1999, WSO Support wrote:
>
> > [...]
> > I get the following error:
> > unable to load certificate
> > error:0906906C:PEM routines:PEM_read:no start line
> > 
>
>
> > I was using an OLD version of SSLeay, where I would issue the
> > command 'getversign domain < tempfile'  
> > [...]
>
>"getverisign" was from Stronghold, not from SSLeay.
>
>                                        Ralf S. Engelschall
>                                        [EMAIL PROTECTED]
>                                        www.engelschall.com
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
>User Support Mailing List                      [EMAIL PROTECTED]
>Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to