Re: [ssl-users] base64 wrapping for cert objects

Sun, 7 Jun 1998 19:50:42 -0400 

Netscape uses 
"-----BEGIN CERTIFICATE-----"
and corresponding END trailer around base64 certificates in all
chain/bundling formats that it accepts.  This can include multiple 
certs.

"-----BEGIN NEW CERTIFICATE REQUEST-----"
and the coresponding END trailer is used around PKCS-10 requests.

Netscape is sensitive to the number of dashes.  Must be exactly 5.

--a.




Peter Gutmann wrote:
> 
> When a certificate or cert-related object (cert request, CRL) is
> base64-encoded, there are a large number of different interpretations on what
> delimiters to use around the base64 data.  I've seen BEGIN CERTIFICATE, BEGIN
> CERTIFICATE REQUEST, BEGIN NEW CERTIFICATE REQUEST, BEGIN PGP MESS...no hang
> on, that's something else :-). Alongside these are various creative mutations
> (extra blank lines, name:value pairs a la PGP, and other oddities).  I'm
> trying to build up a list for the X.509 style guide to tell people what to
> expect and recommend a particular format to produce, but to do that I need to
> gather some data on what other programs produce and what they can accept.
> According to Netscapes page on cert formats it looks like they use BEGIN
> CERTIFICATE for everything, MS use the (non-orthogonal) BEGIN NEW CERTIFICATE
> REQUEST, does anyone have any data points on what delimiters are accepted by
> other software (or more importantly, what isn't accepted)?
> 
> Peter.
> 
> 
> +-------------------------------------------------------------------------+
> | Administrative requests should be sent to [EMAIL PROTECTED] |
> | List service provided by Open Software Associates, http://www.osa.com/  |
> +-------------------------------------------------------------------------+

-- 
Anil R. Gangolli
Structured Arts Computing Corp.
http://www.StructuredArts.com
mailto:[EMAIL PROTECTED]
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+

Reply via email to