e client can be able to authenticate with
that root CA client certificate.please help me...
Bynum, Don wrote:
>
> This should be good for most purposes. Note the basicConstraints
> attribute of pathlen. Unlike the root CA which has no pathlen, the
> inte
This should be good for most purposes. Note the basicConstraints
attribute of pathlen. Unlike the root CA which has no pathlen, the
intermediate has a pathlen of 0.
###
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
crlDistributionPoints=URI:http://crl1.somedomain.com/IntCA.crl,UR
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bynum, Don
Sent: Saturday, September 15, 2007 3:54 PM
To: openssl-users@openssl.org
Subject: RE: [openssl-users] Bad CRL being generated - Help
That is an interesting and accurate observation. i agree that the
issuer and authority should be the
Sent: Sat 9/15/2007 14:37
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Bad CRL being generated - Help
Bonsoir,
Hodie XVII Kal. Oct. MMVII est, Bynum, Don scripsit:
>i have been setting up a CA and have one hurdle which I cannot figure
>out. I have geberated a CRL
i have been setting up a CA and have one hurdle which I cannot figure out. I
have geberated a CRL (currently with no revoked certs). It is regerenced in
the CRL Distribution Points extension of the end entity certs. I can open the
CRL with IE by browsing to the CRL URI. I can import it into
,
Don.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, August 24, 2007 9:14 AM
To: openssl-users@openssl.org
Subject: Re: Friendly Name in CA cert
On Fri, Aug 24, 2007, Bynum, Don wrote:
> I want to embed a frien
I want to embed a friendly name in a self signed Root CA cert. I cannot
seem to find the correct element in the config file to set this. Anyone
know how to do this?
Don Bynum
I am tring to embed
postal address information into a CSR. I can successfully get postalCode
and streetAddress to work. My problem is that I was under the impression
that the OIDs for streetAddress1, streetAddress2 and streetAddress3 were also
available along with postOfficebox. However,
I would expect the
following:
openssl x509 -modulus -noout -in mycert.crt
-out mymod.txt
to output the modulus to the specified
"out" file just like all other x509 commands with -out specified. It does
not. Anybody know how to get the modulus sent to a file?
openssl x509 -modulus -noo
The answer is:
openssl pkcs7 -in [chained cert file] -print_certs -out
[output file]
The output file will contain each individual cert
including issuer info, etc.
DB
I
have a chained cert (from Verisign). What I want is to break out just the
domain cert. I can use sgcinst.exe to do exactly this, but would prefer to
use openssl if possible. Is there a way of breaking up a cert chain using
openssl?
thanks,
don
bynum
I have a chained
cert (from Verisign). What I want is to break out just the domain
cert. I can use sgcinst.exe to do exactly this, but would prefer to use
openssl if possible. Is there a way of breaking up a cert chain using
openssl?
thanks,
don
bynum
Donald E.
BynumDirector, Ar
12 matches
Mail list logo