to authenticate with
that root CA client certificate.please help me...
Bynum, Don wrote:
This should be good for most purposes. Note the basicConstraints
attribute of pathlen. Unlike the root CA which has no pathlen, the
intermediate has a pathlen of 0.
###
subjectKeyIdentifier
This should be good for most purposes. Note the basicConstraints
attribute of pathlen. Unlike the root CA which has no pathlen, the
intermediate has a pathlen of 0.
###
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
:[EMAIL PROTECTED] On Behalf Of Bynum, Don
Sent: Saturday, September 15, 2007 3:54 PM
To: openssl-users@openssl.org
Subject: RE: [openssl-users] Bad CRL being generated - Help
That is an interesting and accurate observation. i agree that the
issuer and authority should be the same, that I can fix
i have been setting up a CA and have one hurdle which I cannot figure out. I
have geberated a CRL (currently with no revoked certs). It is regerenced in
the CRL Distribution Points extension of the end entity certs. I can open the
CRL with IE by browsing to the CRL URI. I can import it into
: Sat 9/15/2007 14:37
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Bad CRL being generated - Help
Bonsoir,
Hodie XVII Kal. Oct. MMVII est, Bynum, Don scripsit:
i have been setting up a CA and have one hurdle which I cannot figure
out. I have geberated a CRL (currently
I want to embed a friendly name in a self signed Root CA cert. I cannot
seem to find the correct element in the config file to set this. Anyone
know how to do this?
Don Bynum
,
Don.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Friday, August 24, 2007 9:14 AM
To: openssl-users@openssl.org
Subject: Re: Friendly Name in CA cert
On Fri, Aug 24, 2007, Bynum, Don wrote:
I want to embed a friendly name
I am tring to embed
postal address information into a CSR. I can successfully get postalCode
and streetAddress to work. My problem is that I was under the impression
that the OIDs for streetAddress1, streetAddress2 and streetAddress3 were also
available along with postOfficebox. However, I
I would expect the
following:
openssl x509 -modulus -noout -in mycert.crt
-out mymod.txt
to output the modulus to the specified
"out" file just like all other x509 commands with -out specified. It does
not. Anybody know how to get the modulus sent to a file?
openssl x509 -modulus -noout
I have a chained
cert (from Verisign). What I want is to break out just the domain
cert. I can use sgcinst.exe to do exactly this, but would prefer to use
openssl if possible. Is there a way of breaking up a cert chain using
openssl?
thanks,
don
bynum
Donald E.
BynumDirector,
10 matches
Mail list logo