On Thu, Aug 21, 2003, Rohan Pinto wrote:
I have a SunONE WebServer 6.0 running on a certain subnet. (www.abcd.com -
for this example)
The Webserver serves content over http.
I intend to protect this content via PDC authentication. To do so, I'd need
2 things.
1. A Server Cert
2. A User
Dr. Stephen Henson wrote:
On Fri, Aug 22, 2003, Charles B Cranston wrote:
Well, the sad answer to this question is yes. It turns out that
in the design of SSL the client does the verification, so each
client has its own little set of peccadillos.
Indeed but if the OP means that you need a
On Fri, Aug 22, 2003, Charles B Cranston wrote:
Dr. Stephen Henson wrote:
These are some of the ones we found:
Netscape 4 will not tolerate an ExtendedKeyUsage extension.
Hmmm. What makes you think that? EKU is *required* to handle step up (aka
SGC, magic, 128 bit [yuck]) and Netscape 4
Continuation of a dialog between Dr. Stephen Henson
and Charles B Cranston:
B: These are some of the ones we found:
B: Netscape 4 will not tolerate an ExtendedKeyUsage extension.
S: Hmmm. What makes you think that? EKU is *required* to handle step up
S: (aka SGC, magic, 128 bit [yuck]) and
Well, I took dumps of the two certificates (and CSR) that Rohan
provided, and the dates overlap, which might be the IE specific
problem.
At first it looked like the subject DNs were exactly the same
between the two certificates, but upon closer examination the
subject DN for the server certificate
On Fri, Aug 22, 2003, Charles B Cranston wrote:
Continuation of a dialog between Dr. Stephen Henson
and Charles B Cranston:
B: These are some of the ones we found:
B: Netscape 4 will not tolerate an ExtendedKeyUsage extension.
S: Hmmm. What makes you think that? EKU is *required* to
Based on a dialog that said unknown critical extension
I've never seen that dialog on Netscape, though I've seen IE produce it.
What I'm saying is that stepup uses EKU (among other things) to identify its
certificates Netscape 4.[something] did support stepup so presumably it at
least partially
On Fri, Aug 22, 2003, Charles B Cranston wrote:
Based on a dialog that said unknown critical extension
I've never seen that dialog on Netscape, though I've seen IE produce it.
What I'm saying is that stepup uses EKU (among other things) to identify
its
certificates Netscape 4.[something]
Message -
From: Charles B Cranston [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 12:21 PM
Subject: Re: Newbie question - Signing CSR's
Rohan Pinto wrote:
I wrote
What you need to do is:
1. create a root certificate
2. install that root certificate into all your web browsers
-
From: Charles B Cranston [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 12:50 PM
Subject: Re: Newbie question - Signing CSR's (picture enclosed)
Sometimes a picture is worth a thousand words:
The Standard Model of Certificate generation:
On the server machine: Generate
On Wed, Aug 20, 2003, Rohan Pinto wrote:
So...
if the CASr has been generated
and the CSR has been sent to the CA (running openssl)
whats the command (in openssl) to sign this CSR ??
anything on the lines of..
./openssl -some parameters- request.CSR -some parameters-
cacert.srl, but I never specified this
filename,
any insight on this
Rohan
- Original Message -
From: Charles B Cranston [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 19, 2003 12:21 PM
Subject: Re: Newbie question - Signing CSR's
Rohan Pinto wrote:
I wrote
What you need to do
On Tue, Aug 19, 2003, Rohan Pinto wrote:
This is the part that i would need help on. I have created a root
certificate, I've imported that into all my web browsers and also on the
webserver. I have also crested a cSR from the webserver. I dont know how to
sign the CSR If I could get some
Rohan Pinto wrote:
I wrote
What you need to do is:
1. create a root certificate
2. install that root certificate into all your web browsers
3. create a CSR on the server
4. use the root to sign that CSR into a server certificate
This is the part that i would need help on. I have created a root
Sometimes a picture is worth a thousand words:
The Standard Model of Certificate generation:
On the server machine: Generate CSR operation
+-+ +-+
| Private Key | | Certificate Signing Request |
+--+--+ |
15 matches
Mail list logo