> From: owner-openssl-us...@openssl.org On Behalf Of Suresh
> Sent: Tuesday, 26 October, 2010 10:41
> Probably I was not clear in my question.
> When I have several certificates like server cert + key,
intermediate
> and root and want all them to bundle in
Probably I was not clear in my question.
When I have several certificates like server cert + key, intermediate and
root and want all them to bundle in a single file say, PKCS#12.
Is there a specific sequence to bundle them?
For example:
first option = key + server cert + intermediate + root
seco
Thank you for a detailed reply Dave.
> There is a standard ASN.1 structure, PKCS#7 aka Cryptographic
> Message Syntax or CMS, which can carry multiple certs and/or CRLs
> in DER (or PEM-ified single DER, as opposed to PEM concatenation)
> and is fairly commonly used for that purpose.
This makes m
> From: owner-openssl-us...@openssl.org On Behalf Of liv2luv
> Sent: Tuesday, 19 October, 2010 11:26
> I am new to SSL and Certificates.
>
> I have generated a CSR and certificate for signing. In return
> I've got three
> certificates.
>
> a. Root CA's certificate
> b. Intermediate Certificate
Hi Steve. I think I can help you on this one. Give me a call at 215-538-3535
and ask for Tom Nichols.
Steve wrote:
> Hello All,
>
> I have a question regarding the use of certificates in IE 5+ and Netscape
> 4.7+. We have written a small customised SSL web server using OpenSSL,
> etc... This web
Jan Meijer wrote:
> You could have a point here. I was fooling around with a test certificate
> that is signed by our root CA (the SURFnet PCA). With this test-certificate
> I signed client certs and I had problems verifying the client certs. The
> troubles went away after including the PCA cer
> Check out the docs in the latest snapshot, particularly the verify and
> x509 commands. They explain how things operate in the snapshot and
> pretty much how 0.9.5 will do things.
Thanks. Think I can find the time somewhere this week :) When the
organisational reshuffles are over and I'm stil
Dr Stephen Henson wrote:
> Andrew Cooke wrote:
> > However, it seems to me that it would be better if the verifier had only
> > the root CA certificate, and the verifiee supplied not just its
> > certificate, but the intermediate certs in the chain. In this way, the
> > verifier would not need
Andrew Cooke wrote:
>
> Hi,
>
>
> However, it seems to me that it would be better if the verifier had only
> the root CA certificate, and the verifiee supplied not just its
> certificate, but the intermediate certs in the chain. In this way, the
> verifier would not need updating if intermedia