On Mon, Feb 24, 2020 at 12:09 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Michael Leone
> > Sent: Monday, February 24, 2020 09:37
>
> > SO I was an idiot, and signe
SO I was an idiot, and signed a certificate, but specified an invalid
location. i.e., I used a "/" instead of a "/" in the location.
$ sudo openssl ca -in requests/.req -out
certs\-2020-02-24.
And so I can't find that cert file anywhere (obviously). So I'd like to
revoke it, so that I can
I received a pfx file from one our techs. A pfx file is a cert and key, all
in one binary file. He needs me to split it out into the cert and the key,
so I can create a new request from that key, and then sign a new cert for
him.
(no, I don't know why he can't just create a new request. And I
On Wed, Feb 12, 2020 at 4:19 PM Michael Wojcik
wrote:
>
> > From: Michael Leone [mailto:tur...@mike-leone.com]
> > Sent: Wednesday, February 12, 2020 12:35
>
> > Even though I used what might be the wrong terms, I'm sure you knew what I
> > meant ...
>
> Sure
On Wed, Feb 12, 2020 at 2:22 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Michael Leone
> > Sent: Wednesday, February 12, 2020 11:59
>
> > ... the only CA I have
On Wed, Feb 12, 2020 at 1:16 PM Michael Wojcik <
michael.woj...@microfocus.com> wrote:
> Terminological note: "Windows intermediate CA" isn't really a meaningful
> phrase. There's nothing OS-specific about a CA. What you're creating is a
> Windows-hosted implementation of your intermediate-CA
On Wed, Feb 12, 2020 at 1:24 PM Karl Denninger wrote:
> On 2/12/2020 11:32, Michael Leone wrote:
>
> So we are mostly a MS Windows shop. But I use a Linux openssl as my root
> CA. What I am planning on doing, is creating a Windows intermediate CA, and
> using that to sign
So we are mostly a MS Windows shop. But I use a Linux openssl as my root
CA. What I am planning on doing, is creating a Windows intermediate CA, and
using that to sign all my internal requests. But before I do that, I have a
couple of questions.
I have the steps to install the certificate
On Fri, Feb 7, 2020 at 4:02 PM Michael Wojcik
wrote:
>
> > From: Michael Leone [mailto:tur...@mike-leone.com]
> > Sent: Friday, February 07, 2020 13:13
> >
> > I've got it almost all figured out, except how to get a subjectAltName
> > automatically populat
On Fri, Feb 7, 2020 at 3:08 PM Michael Wojcik
wrote:
>
> > From: Michael Leone [mailto:tur...@mike-leone.com]
> > Sent: Friday, February 07, 2020 11:55
> >
> > How is that this works for everyone else, and not me? :-)
>
> It doesn't.
>
> I just reviewed this
On Fri, Feb 7, 2020 at 1:46 PM Michael Leone wrote:
>
> On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik
> wrote:
> > Or copied using the copy_extensions option, as noted in the discussion of
> > that issue.
> >
> > In the OpenSSL configuration file used b
On Fri, Feb 7, 2020 at 12:35 PM Michael Wojcik
wrote:
> Or copied using the copy_extensions option, as noted in the discussion of
> that issue.
>
> In the OpenSSL configuration file used by "openssl ca", in the CA section
> (that is, the section named by the default_ca option, or in the section
On Fri, Feb 7, 2020 at 11:02 AM Sergio NNX wrote:
>
> This is the basics of OpenSSL!
>
> You would like to add extensions to a CSR or the problem arises when signing
> it?
Yes, when I sign, I get no extensions that are requested in the CSR.
Nor are any added, when I sign (requested or not).
>
On Fri, Feb 7, 2020 at 10:30 AM Michael Richardson wrote:
>
>
> Michael Leone wrote:
> > On Fri, Feb 7, 2020 at 8:54 AM Michael Leone
> wrote:
> >> Thanks, tho, I did learn a thing or two. I see from this example
> >>
> >> openssl
On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni
wrote:
>
> On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
>
> > Oh, I can add extensions by signing and using the -extfile option, and
> > specifying a file with the specific options I want to give the
> &g
On Fri, Feb 7, 2020 at 8:54 AM Michael Leone wrote:
> Thanks, tho, I did learn a thing or two. I see from this example
>
> openssl req -config $cfgdir/openssl-root.cnf $passin \
> -set_serial 0x$(openssl rand -hex $sn)\
> -keyform $format -outform $format\
> -k
On Thu, Feb 6, 2020 at 5:45 PM Viktor Dukhovni
wrote:
> On Thu, Feb 06, 2020 at 02:36:03PM -0500, Michael Leone wrote:
>
> > Oh, I can add extensions by signing and using the -extfile option, and
> > specifying a file with the specific options I want to give the
> > certi
This is driving me crazy. I have a CA, running on Debian 9, running
openssl 1.1.0. (this CA is for our organization internal use only, of
course). I can successfully sign requests. However, what I can't seem
to do, is add x509 extensions to the signed certificate, as part of
the openssl.cnf.
Oh,
18 matches
Mail list logo