hi,
i am playing arount with certificates created and signed from
"/demos/selfsign.c". I replaced some of the code... so i post the output
of 'openssl x509 -in cert.pem -text' here:
Certificate:
Data:
Version: 4 (0x3)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=DE, CN=XYZ, University ABC
Validity
Not Before: Oct 7 16:32:48 2005 GMT
Not After : Oct 7 16:32:48 2006 GMT
Subject: C=DE, CN=XYZ, University ABC
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (512 bit)
Modulus (512 bit):
00:ce:e3:af:45:76:2e:54:61:40:f4:49:86:bd:0a:
aa:fc:0e:03:58:cc:c0:b6:51:f1:f7:8b:d8:39:d8:
7e:dd:ae:84:76:c7:d3:37:b5:ab:01:60:9e:ad:bd:
82:a5:90:6e:25:26:23:b1:81:07:96:f1:2e:4e:7e:
c2:45:0f:35:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
Netscape Cert Type:
SSL Server
Netscape Comment:
example comment extension
Netscape SSL Server Name:
www.openssl.org
Signature Algorithm: md5WithRSAEncryption
76:fb:3f:6a:21:fa:bb:39:08:6a:d1:24:2c:0f:a5:ae:27:e8:
d4:b2:96:9c:b7:c0:d8:11:23:5b:3d:34:dc:f2:09:0f:8e:f5:
3b:10:4f:d4:7c:ac:b4:e1:12:51:0b:fe:48:06:27:d0:99:f5:
e4:52:82:89:8f:19:90:09:f8:8a
I use this certificate for a http server. the test client (firefox) pops
up the well known "unknown certificate" message. i can then accept the
certificate and start browsing.
there seem to be some formal issues with the certificate however:
1. when i "examine" the certificate from firefoxes popup window the
topmost message sais
"could not verify the certificate for unknown reasons", and
folding/unfolding the certificate
entries is not possible: it looks as if the certificate is "empty"
2. on the server side i receive a sslv3 alert bad certificate
what are now the differences between a "properly working" self signed
certificate
and the one that i use?
thanks for any help.
felix dorner
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
