RE: intermediate CA configuration

to authenticate with that root CA client certificate.please help me... Bynum, Don wrote: This should be good for most purposes. Note the basicConstraints attribute of pathlen. Unlike the root CA which has no pathlen, the intermediate has a pathlen of 0. ### subjectKeyIdentifier

RE: intermediate CA configuration

This should be good for most purposes. Note the basicConstraints attribute of pathlen. Unlike the root CA which has no pathlen, the intermediate has a pathlen of 0. ### subjectKeyIdentifier=hash authorityKeyIdentifier=keyid:always

RE: [openssl-users] Bad CRL being generated - Help

:[EMAIL PROTECTED] On Behalf Of Bynum, Don Sent: Saturday, September 15, 2007 3:54 PM To: openssl-users@openssl.org Subject: RE: [openssl-users] Bad CRL being generated - Help That is an interesting and accurate observation. i agree that the issuer and authority should be the same, that I can fix

Bad CRL being generated - Help

i have been setting up a CA and have one hurdle which I cannot figure out. I have geberated a CRL (currently with no revoked certs). It is regerenced in the CRL Distribution Points extension of the end entity certs. I can open the CRL with IE by browsing to the CRL URI. I can import it into

RE: [openssl-users] Bad CRL being generated - Help

: Sat 9/15/2007 14:37 To: openssl-users@openssl.org Subject: Re: [openssl-users] Bad CRL being generated - Help Bonsoir, Hodie XVII Kal. Oct. MMVII est, Bynum, Don scripsit: i have been setting up a CA and have one hurdle which I cannot figure out. I have geberated a CRL (currently

Friendly Name in CA cert

I want to embed a friendly name in a self signed Root CA cert. I cannot seem to find the correct element in the config file to set this. Anyone know how to do this? Don Bynum

RE: Friendly Name in CA cert

, Don. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson Sent: Friday, August 24, 2007 9:14 AM To: openssl-users@openssl.org Subject: Re: Friendly Name in CA cert On Fri, Aug 24, 2007, Bynum, Don wrote: I want to embed a friendly name

CSR Contents

I am tring to embed postal address information into a CSR. I can successfully get postalCode and streetAddress to work. My problem is that I was under the impression that the OIDs for streetAddress1, streetAddress2 and streetAddress3 were also available along with postOfficebox. However, I

x509 -modulus output to a file

I would expect the following: openssl x509 -modulus -noout -in mycert.crt -out mymod.txt to output the modulus to the specified "out" file just like all other x509 commands with -out specified. It does not. Anybody know how to get the modulus sent to a file? openssl x509 -modulus -noout

openssl equivalent of sgcinst.exe

I have a chained cert (from Verisign). What I want is to break out just the domain cert. I can use sgcinst.exe to do exactly this, but would prefer to use openssl if possible. Is there a way of breaking up a cert chain using openssl? thanks, don bynum Donald E. BynumDirector,