> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Zack Williams
> Sent: Thursday, 27 March, 2014 20:26
>
> On Thu, Mar 27, 2014 at 2:47 AM, Stefan H. Holek wrote:
> > No reason. Just for maximum compatibility. Every software can do SHA1. But
> this c
On Thu, Mar 27, 2014 at 2:47 AM, Stefan H. Holek wrote:
> No reason. Just for maximum compatibility. Every software can do SHA1. But
> this comes up a lot and I might switch to sha256 the next time around.
It appears that even what most "legacy" web browsers and servers
support sha256, given the
On 27.03.2014, at 13:32, Walter H. wrote:
> Does this mean, you use certificates with a complete chain of at least 4
> certificates?
>
> - root ca cert. no pathlen
> - intermediate ca cert. also no pathlen
> - signing ca cert. with pathlen
> - end cert
Yes, the expert example does that.
> what
Hello,
On Thu, March 27, 2014 10:47, Stefan H. Holek wrote:
>> 3. Is there a reason to not set a pathLen in the basicConstraints
>> section of the Root CA's (to 1, to allow a maximum of one layer of
>> CA's below the Root), but to do so on the Intermediate CA's?
>
> Pathlen is not used on root CA
Le 27/03/2014 11:14, Jeffrey Walton a écrit :
On Thu, Mar 27, 2014 at 5:47 AM, Stefan H. Holek wrote:
On 25.03.2014, at 17:44, Zack Williams wrote:
...
3. Is there a reason to not set a pathLen in the basicConstraints
section of the Root CA's (to 1, to allow a maximum of one layer of
CA's bel
On Thu, Mar 27, 2014 at 5:47 AM, Stefan H. Holek wrote:
> On 25.03.2014, at 17:44, Zack Williams wrote:
>
>> ...
>> 3. Is there a reason to not set a pathLen in the basicConstraints
>> section of the Root CA's (to 1, to allow a maximum of one layer of
>> CA's below the Root), but to do so on the I
On 25.03.2014, at 17:44, Zack Williams wrote:
> 1. Is there a reason you're not using SHA-256 hash by default - it
> appears that SHA1 is being recommended against currently:
> http://www.digicert.com/sha-2-ssl-certificates.htm
No reason. Just for maximum compatibility. Every software can do SHA1
Le 25/03/2014 23:08, Zack Williams a écrit :
On Tue, Mar 25, 2014 at 10:54 AM, Erwann Abalea
wrote:
2. I couldn't figure out what the [additional_oids] section of the
Expert example's root-ca.conf file is for - either through research or
going through the commit history. Could you elaborate on
On Tue, Mar 25, 2014 at 10:54 AM, Erwann Abalea
wrote:
>
>> 2. I couldn't figure out what the [additional_oids] section of the
>> Expert example's root-ca.conf file is for - either through research or
>> going through the commit history. Could you elaborate on what that
>> accomplishes?
>>
>> htt
Le 25/03/2014 17:44, Zack Williams a écrit :
On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote:
I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial provides
three complete PKI examples you can play through and the prettiest
configuration files this side of Neptune. Ch
On Fri, Mar 21, 2014 at 12:25 AM, Stefan H. Holek wrote:
> I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial
> provides three complete PKI examples you can play through and the prettiest
> configuration files this side of Neptune. Check it out!
>
> https://pki-tutorial.readt
Hi All,
I have updated the OpenSSL PKI Tutorial at Read the Docs. The tutorial provides
three complete PKI examples you can play through and the prettiest
configuration files this side of Neptune. Check it out!
https://pki-tutorial.readthedocs.org/
Cheers,
Stefan
--
Stefan H. Holek
ste...@ep
On 29.04.2013, at 22:48, Kevin Fowler wrote:
> In the Simple PKI example, step 5.4 "View PKCS#7 bundle", the "-in" option
> points to "ca" directory, but the bundle was created in step 4.3 "Create
> PKCS#7 bundle" in the "certs" directory". I.e.:
Good catch! I have fixed 4.3 to use the "ca" dir
In the Simple PKI example, step 5.4 "View PKCS#7 bundle", the "-in" option
points to "ca" directory, but the bundle was created in step 4.3 "Create
PKCS#7 bundle" in the "certs" directory". I.e.:
Step 4.3:
openssl crl2pkcs7 -nocrl \
-certfile ca/signing-ca.crt \
-certfile ca/root-ca.crt \
Hi All!
I have updated the OpenSSL PKI tutorial at readthedocs. The tutorial takes a
novel approach without ever referring to openssl.cnf or CA.pl (yuck). You can
find it here:
https://pki-tutorial.readthedocs.org/
Thanks to everyone who has provided feedback for the first version. I heard
yo
15 matches
Mail list logo