Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
Thanks everyone for the quick and generous help !! I am really thankful to everyone's time. Thanks and Regards, Ajay On Tue, Apr 12, 2016 at 7:08 PM, Salz, Richwrote: > >> Except when you want more people (usually everybody) access to the CRT, >> but few people (usually one or two trusted server >> processes) access to the private KEY. >> >> Then using two different files will make a lot of sense. > > Oh yes, absolutely! Don't give out the private kkey :) > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
> Except when you want more people (usually everybody) access to the CRT, > but few people (usually one or two trusted server > processes) access to the private KEY. > > Then using two different files will make a lot of sense. Oh yes, absolutely! Don't give out the private kkey :) -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
On 11/04/2016 18:57, Salz, Rich wrote: You can merge the two files into one. As long as they are in PEM format, it will just work. Except when you want more people (usually everybody) access to the CRT, but few people (usually one or two trusted server processes) access to the private KEY. Then using two different files will make a lot of sense. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
You can merge the two files into one. As long as they are in PEM format, it will just work. -- Senior Architect, Akamai Technologies IM: richs...@jabber.at Twitter: RichSalz -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
Hi All. Thanks for the help. The certificate is a ".crt.pem". Key is a ".key". Anyhow, earlier I was thinking of saving the certificate+key in a file, where double-quotes were delimiters. But, I have rejected that idea; instead saving them in their respective files :) So, the question becomes obsolete. Anyhow, I am thanks (and sorry at the same time) for everyone's time. Thanks and Regards, Ajay On Mon, Apr 11, 2016 at 8:56 PM, Viktor Dukhovniwrote: > On Mon, Apr 11, 2016 at 10:01:33AM +0530, Ajay Garg wrote: > > [ Subject: Are double-quotes valid characters in certifcates/keys? ] > >> Could not find a definitive answer on google, so thought it would be >> best to ask the experts :) > > The question is ill-formed. Are you asking about allowed characters > in some field of the underlying canonical ASN.1 DER form of a > certificate, or about some particular encoding of the certificate > (e.g. PEM)? > > If the former, X.509v3 certificates are complicated objects, which > part of the certificate are you asking about? > > As for keys, in their ASN.1 DER encoding they are "binary" data, > and all octets are a priori valid in a public key. A public key > algorithm that prohibits 0x22 seems unlikely. > > -- > Viktor. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- Regards, Ajay -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
On Mon, Apr 11, 2016 at 10:01:33AM +0530, Ajay Garg wrote: [ Subject: Are double-quotes valid characters in certifcates/keys? ] > Could not find a definitive answer on google, so thought it would be > best to ask the experts :) The question is ill-formed. Are you asking about allowed characters in some field of the underlying canonical ASN.1 DER form of a certificate, or about some particular encoding of the certificate (e.g. PEM)? If the former, X.509v3 certificates are complicated objects, which part of the certificate are you asking about? As for keys, in their ASN.1 DER encoding they are "binary" data, and all octets are a priori valid in a public key. A public key algorithm that prohibits 0x22 seems unlikely. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Are double-quotes valid characters in certifcates/keys?
> Could not find a definitive answer on google, so thought it would be > best to ask the experts :) Its probably been discussed on the PKIX mailing list at some point (http://mailarchive.ietf.org/arch/search/?email_list=pkix). Keys don't use them. Certificates can use them based on the ASN.1 type. However, I work on a C++ project, and the CA removed the CN we requested. I'm guessing it was because of the "++" in the common name (friendly name displayed to the user), which may have wreaked havoc on some scripts. I've been waiting to see a BlackHat talk on it. Jeff -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] Are double-quotes valid characters in certifcates/keys?
Hi. Could not find a definitive answer on google, so thought it would be best to ask the experts :) Thanks and Regards, Ajay -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users