Yes, and as long as we're on the that's-the-least-of-your-lockin-worries
thread, you may want to be aware of this bit of news, just today: Significant
Ruling by The Library of Congress: In Ruling on iPhones, Apple Loses a Bit of
Its Grip
Lou
----- Original Message -----
From: "Todd Oberly" <taobe...@mindspring.com>
To: openssl-users@openssl.org
Sent: Wednesday, July 28, 2010 6:53:23 PM
Subject: Re: Simulating Mac keychain CSR with OpenSSL
-----Original Message-----
>From: Wim Lewis <w...@omnigroup.com>
>Sent: Jul 28, 2010 6:33 PM
>To: openssl-users@openssl.org
>Subject: Re: Simulating Mac keychain CSR with OpenSSL
>Well, I haven't tried submitting an OpenSSL-generated CSR to Apple, but the
>CertificateAssistant-generated CSR looks pretty normal. I have a vague memory
>that Apple's fussy about the key type; are you using a 2048-bit RSA key?
>
>I ran asn1parse on a successfully-submitted-to-Apple CSR and I see this
>structure:
>
>[
> version = v1
> subject = { emailAddress = IA5STRING, commonName = UTF8STRING, countryName =
> PRINTABLESTRING }
> subjectPKInfo = [ [ rsaEncryption, NULL ], the usual key parameters, e=65537,
> m ~ 2^2048 ]
> attributes = empty sequence
>]
>
>signed using sha1WithRSAEncryption.
Ah, the key length was one variation I did not try. Thanks. Will give it
another go shortly.
>> I don't like mysteries, and don't being locked into one platform.
>
>Understandable, though I think that once you're using Apple's notification
>service for your iPhones, the way you generate your X.509 key is the least of
>your lockin worries. :)
Hehe, don't get me started. ;)
Thanks,
Todd
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
