On Wed, Aug 30, 2017 at 12:17:09AM -0400, Robert Moskowitz wrote:
> So back to openssl ca and deal with no way to directly create a DER
> formatted cert.
>
> Definitely a deficiency.
Not really a deficiency, as the certificates in question need to
be squirreled away in PEM format in the CA's
Viktor,
thanks for the explanation. Obviously I read more into the man that was
really there:
https://www.openssl.org/docs/man1.1.0/apps/x509.html
So back to openssl ca and deal with no way to directly create a DER
formatted cert.
Definitely a deficiency.
On 08/29/2017 07:25 PM, Viktor
On 08/29/2017 07:24 PM, Dr. Stephen Henson wrote:
On Tue, Aug 29, 2017, Robert Moskowitz wrote:
I started out making certs from csrs with:
openssl ca -config $dir/openssl-intermediate.cnf -extensions
usr_cert -days 375 -notext -md sha256 \
-in $dir/csr/$clientemail.csr.$format -out
On Tue, Aug 29, 2017 at 05:36:34PM -0400, Robert Moskowitz wrote:
> Another problem. It is almost like it is not reading the CA selction?
Not "almost", but actually as expected, since "openssl x509 -req"
is not the ca(1) application.
>openssl x509 -req -extfile $dir/openssl-8021AR.cnf \
>
On Tue, Aug 29, 2017, Robert Moskowitz wrote:
> I started out making certs from csrs with:
>
> openssl ca -config $dir/openssl-intermediate.cnf -extensions
> usr_cert -days 375 -notext -md sha256 \
> -in $dir/csr/$clientemail.csr.$format -out
> $dir/certs/$clientemail.cert.$format
>
> And
Another problem. It is almost like it is not reading the CA selction?
openssl ca -config $dir/openssl-8021AR.cnf -extensions 8021ar_idevid
-notext -md sha256 \
-in $dir/csr/$DevID.csr.pem -out $dir/certs/$DevID.cert.pem
processes the default_enddate
default_enddate= 1231235959Z #
I started out making certs from csrs with:
openssl ca -config $dir/openssl-intermediate.cnf -extensions usr_cert
-days 375 -notext -md sha256 \
-in $dir/csr/$clientemail.csr.$format -out
$dir/certs/$clientemail.cert.$format
And that worked well enough, but I found some limitations
Thank you so much for the reply.
I will comment in the issue as requested, but I'll do so in email so that I
can CC the openssl-users list.
Kazuki Yamaguchi wrote:
> The ruby-core mailing list or this GitHub issue tracker is the right
> place for questions