Re: How to create a certificate with 2 CRL distribution points?
Thanks. I actually uses two config files. Once I update the other config file, the certificate has both Distribution Points. Ted Zeng On 11/10/07 5:36 AM, "Dr. Stephen Henson" <[EMAIL PROTECTED]> wrote: > On Fri, Nov 09, 2007, Ted Zeng wrote: > >> >> Hi, >> >> I use Mac OS X 10.4.10 to create a certificate with two DRL distribution >> points. I have been able to create certs with one distribution point. >> >> Here is how I set in the conf file: >> >> [ certificate_extensions ] >> basicConstraints = CA:false >> extendedKeyUsage =codeSigning >> crlDistributionPoints=URI:http://server1/certs/air1.crl,URI:http://server2/c >> erts/air1.crl >> >> >> The certificate generated has only the first URI. >> >> What should I do to let a certificate have 2 DPs? >> > > Works fine with me with OpenSSL 0.9.8-stable on Windows. > > You don't have a line further down with crlDistributionPoints on as well do > you? If you do OpenSSL will only see the last instance. > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to create a certificate with 2 CRL distribution points?
On Fri, Nov 09, 2007, Ted Zeng wrote: > > Hi, > > I use Mac OS X 10.4.10 to create a certificate with two DRL distribution > points. I have been able to create certs with one distribution point. > > Here is how I set in the conf file: > > [ certificate_extensions ] > basicConstraints = CA:false > extendedKeyUsage =codeSigning > crlDistributionPoints=URI:http://server1/certs/air1.crl,URI:http://server2/c > erts/air1.crl > > > The certificate generated has only the first URI. > > What should I do to let a certificate have 2 DPs? > Works fine with me with OpenSSL 0.9.8-stable on Windows. You don't have a line further down with crlDistributionPoints on as well do you? If you do OpenSSL will only see the last instance. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to create a certificate with 2 CRL distribution points?
I take the information from this web page: http://www.openssl.org/docs/apps/x509v3_config.html Which has the following: crlDistributionPoints=URI:http://myhost.com/myca.crl crlDistributionPoints=URI:http://my.com/my.crl,URI:http://oth.com/my.crl Ted Zeng Adobe Systems Inc. On 11/9/07 8:31 PM, "Rodney Thayer" <[EMAIL PROTECTED]> wrote: > Ted Zeng wrote: >> Hi, >> >> I use Mac OS X 10.4.10 to create a certificate with two DRL distribution >> points. I have been able to create certs with one distribution point. >> >> Here is how I set in the conf file: >> >> [ certificate_extensions ] >> basicConstraints = CA:false >> extendedKeyUsage =codeSigning >> crlDistributionPoints=URI:http://server1/certs/air1.crl,URI:http://server2/c >> erts/air1.crl >> >> >> The certificate generated has only the first URI. >> >> What should I do to let a certificate have 2 DPs? > > I only vaguely recall that being possible so I'm assuming you're > correct that there can be multiple entries. check the examples... is it > "," or some other character that's supposed to be in between. And do > you say URI twice? > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing Listopenssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: How to create a certificate with 2 CRL distribution points?
Ted Zeng wrote: > Hi, > > I use Mac OS X 10.4.10 to create a certificate with two DRL distribution > points. I have been able to create certs with one distribution point. > > Here is how I set in the conf file: > > [ certificate_extensions ] > basicConstraints = CA:false > extendedKeyUsage =codeSigning > crlDistributionPoints=URI:http://server1/certs/air1.crl,URI:http://server2/c > erts/air1.crl > > > The certificate generated has only the first URI. > > What should I do to let a certificate have 2 DPs? I only vaguely recall that being possible so I'm assuming you're correct that there can be multiple entries. check the examples... is it "," or some other character that's supposed to be in between. And do you say URI twice? __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]