RE: Signing a CSR from JetDirect

-Original Message- From: Bob DeBolt [mailto:[EMAIL PROTECTED] Sent: 14 July 2003 18:35 To: [EMAIL PROTECTED] Subject: RE: Signing a CSR from JetDirect It seems to me that it is in the best interest of the major CAs to not offer wildcard certificates; that way, they can

RE: Signing a CSR from JetDirect

extendedKeyUsage = clientAuth, serverAuth in the section [usr_cert] in openssl.cnf before signing. Umesh [EMAIL PROTECTED] wrote on 2003-07-25 05:05: -Original Message- From: Bob DeBolt [mailto:[EMAIL PROTECTED] Sent: 14 July 2003 18:35 To: [EMAIL PROTECTED] Subject: RE: Signing a CSR from

Re: Signing a CSR from JetDirect: Problem solved !

I got it to work; the command below just needs: -extfile ../openssl.cnf -extensions usr_cert I had ASSUMED that since openssl req and openssl ca can find the openssl.cnf file, that openssl x509 could also. -- Dean Dean Gibson (System Administrator) wrote on 2003-07-25 11:49: Thanks for the

Re: Signing a CSR from JetDirect

David Schwartz wrote: The right thing is for the CA to issue a limited wildcard CA cert. Basically, it would say that a certain key may sign certificates for all hosts inside a particular domain. That way you only need one key signed by an outside authority and it doesn't matter if one of

Re: Signing a CSR from JetDirect

On Mon, Jul 14, 2003 at 11:35:01AM -0600, Bob DeBolt wrote: It seems to me that it is in the best interest of the major CAs to not offer wildcard certificates; that way, they can charge their outrageous prices for each certificate that you need, and when you happen to change a

RE: Signing a CSR from JetDirect

On Mon, Jul 14, 2003 at 11:35:01AM -0600, Bob DeBolt wrote: It seems to me that it is in the best interest of the major CAs to not offer wildcard certificates; that way, they can charge their outrageous prices for each certificate that you need, and when you happen to change a

Re: Signing a CSR from JetDirect

Hi, The certificate on JetDirect can be used for both client and server authentication. JetDirect expects the installed certificate to contain extendedKeyUsage extension with the values serverAuth and clientAuth. Add the following line extendedKeyUsage = clientAuth, serverAuth in the section

Re: Signing a CSR from JetDirect

I put that in my openssl.cnf in the [ usr_cert ] section, and did: openssl x509 -req -in hplj4600dn1.csr -CA ultimeth.pem -days 3650 -set_serial 01 -out hplj4600dn1.crt It didn't help; here's what openssl x509 -in hplj4600dn1.crt -text -purpose shows: Certificate: Data: Version: 1

Re: Signing a CSR from JetDirect

I'm not sure that this is AT ALL relevant but I noticed that the issuer CN has a wildcard and I wonder 1) what this means, and 2) if this could be confusing something? Dean Gibson (System Administrator) wrote: openssl x509 -req -in hplj4600dn1.csr -CA ultimeth.pem -days 3650 -set_serial 01 -out

Re: Signing a CSR from JetDirect

I used to generate a self-signed certificate for each hostname I was using for an SSL connection (www.ultimeth.net, imaps.ultimeth.net, smtp.ultimeth.net, etc. ...). Then a couple weeks ago in browsing the Internet, I happened across this site: http://www.freessl.com. I noticed that they

RE: Signing a CSR from JetDirect

It seems to me that it is in the best interest of the major CAs to not offer wildcard certificates; that way, they can charge their outrageous prices for each certificate that you need, and when you happen to change a hostname, they are right there at the trough looking for more money.

Re: Signing a CSR from JetDirect

The screen where I'm supposed to paste the certificate file says: Please insert the certificate into the text box provided. The certificate needs to be in PEM/Base64 encoding and less than 3kB in size, or the certificate will be rejected. -- Dean Michael Sierchio wrote on 2003-07-12 10:09: