Re: Is certificate a CA or Client Certificate

2011-10-03 Thread Jakob Bohm
on behalf of sandeep kiran p [sandeepkir...@gmail.com] Sent: Saturday, October 01, 2011 10:19 AM To: openssl-users@openssl.org Subject: Re: Is certificate a CA or Client Certificate Are you sure there is an ExtendedKeyUsage indicating a "Certificate Sign" OID? Cert Sign AFAIK is only indic

RE: Is certificate a CA or Client Certificate

2011-10-02 Thread Glenn, William
9 AM To: openssl-users@openssl.org Subject: Re: Is certificate a CA or Client Certificate Are you sure there is an ExtendedKeyUsage indicating a "Certificate Sign" OID? Cert Sign AFAIK is only indicated in KeyUsage extension. -Sandeep On Sat, Oct 1, 2011 at 9:24 AM, mailto:jb-open...@

Re: Is certificate a CA or Client Certificate

2011-10-01 Thread sandeep kiran p
Are you sure there is an ExtendedKeyUsage indicating a "Certificate Sign" OID? Cert Sign AFAIK is only indicated in KeyUsage extension. -Sandeep On Sat, Oct 1, 2011 at 9:24 AM, wrote: > On 01-10-2011 01:09, Dave Thompson wrote: > >> From: owner-openssl-users@openssl.**org On >> Behalf Of >>> j

Re: Is certificate a CA or Client Certificate

2011-09-30 Thread jb-openssl
On 01-10-2011 01:09, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of jb-open...@wisemo.com Sent: Thursday, 29 September, 2011 18:46 Because the attributes mentioned are only meaningful if covered by the digital signature on the certificate, it cannot change in any format c

RE: Is certificate a CA or Client Certificate

2011-09-30 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of jb-open...@wisemo.com > Sent: Thursday, 29 September, 2011 18:46 > Because the attributes mentioned are only meaningful if covered by the > digital signature on the certificate, it cannot change in any format > conversion that keeps the certifi

Re: Is certificate a CA or Client Certificate

2011-09-29 Thread jb-openssl
Because the attributes mentioned are only meaningful if covered by the digital signature on the certificate, it cannot change in any format conversion that keeps the certificate valid. The true format of certificates is binary BER encoded X.509. A .cer file is simply that structure directly. A

Re: Is certificate a CA or Client Certificate

2011-09-29 Thread Harshvir Sidhu
Thanks Jakob. Is this key usage only available in P7b format, when i tried this on CER and P12 format then its not working on them, Crypt API is not able to read extended information about Key Usage. Is the process format specific? I am trying to use CertFindExtension API for this. // Harshvir On T

Re: Is certificate a CA or Client Certificate

2011-09-29 Thread Jakob Bohm
You forgot to also check the Key Usage attribute IF (CA: TRUE OR Key Usage: Certificate Sign) If Self Signed ROOT Else Intermediary Else If Self Signed Toy certificate Else End use (server / person / company / etc.) On 9/29/2011 3:39 PM, Harshvir Sidhu wrote: Hey,

Re: Is certificate a CA or Client Certificate

2011-09-29 Thread Harshvir Sidhu
Hey, I tried using this method following is the flow. IF CA: TRUE If Self Signed ROOT else Intermediate else Personal When i try parsing the PKCS7 (.p7b) files, then for Intermediate CA Certifites I get that its a personal Certificate? Is there something different

Re: Is certificate a CA or Client Certificate

2011-09-16 Thread Jakob Bohm
On 9/16/2011 9:02 PM, Harshvir Sidhu wrote: I already tried this command, but its not giving any information showing wheter its a root certificate or a client certificate. - Harshvir On Fri, Sep 16, 2011 at 1:53 PM, Jakob Bohm > wrote: On 9/16/2011 7:58 PM, Ha

Re: Is certificate a CA or Client Certificate

2011-09-16 Thread vivek here
Hi Harshiv, Try commad : openssl X509 -in 'yourcert/rootcert' -text You are able to see human readable certificate. If the certificate is client certificate and not self signed then 'issuer' is different from 'subject'. And CA: flase for client certificate. you can find CA:true for root/CA certific

Re: Is certificate a CA or Client Certificate

2011-09-16 Thread Harshvir Sidhu
I already tried this command, but its not giving any information showing wheter its a root certificate or a client certificate. - Harshvir On Fri, Sep 16, 2011 at 1:53 PM, Jakob Bohm wrote: > On 9/16/2011 7:58 PM, Harshvir Sidhu wrote: > >> Hi, >> In openssl is there some method using which i

Re: Is certificate a CA or Client Certificate

2011-09-16 Thread Jakob Bohm
On 9/16/2011 7:58 PM, Harshvir Sidhu wrote: Hi, In openssl is there some method using which i can find whether the cerficiate in a file a Client Certificate or a CA/Root Certificate? - H S Try the following command, at look for the CA property and also see if the certificate lists itself or

Is certificate a CA or Client Certificate

2011-09-16 Thread Harshvir Sidhu
Hi, In openssl is there some method using which i can find whether the cerficiate in a file a Client Certificate or a CA/Root Certificate? - H S