I've managed to parse the odd X509 certificate I received. Now I have
to create one.
It should look like the below.
X509v3 extensions:
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Wednesday, 24 October, 2012 19:08
> > The code for "uplink" looks to me like it looks for
> _Applink ONLY in the .exe
>
> It *HAS* to be a .exe? OpenSSL has logic that depends on what type of
> executable is calling it? I
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills
> Sent: Wednesday, 24 October, 2012 19:11
>
> Nor does *.domain.com work for domain.com, correct?
>
Right. Which is why many (most?) public CAs when you request wildcard
issue SubjAltNames containing two entries domain.com and *.
If I have
RootCA -> IntermediateCA -> ServerCert
current OpenSSL will only support trusting RootCA, not trusting
IntermediateCA or ServerCert.
I see in
http://old.nabble.com/Verify-intermediate-certificate-td33129488.html
that there's an experimental new flag X509_V_FLAG_TRUSTED_FIRST that
wil