> From: owner-openssl-users On Behalf Of Walter H.
> Sent: Tuesday, November 12, 2013 05:08
> On Tue, November 12, 2013 05:47, Alan Jakimiuk wrote:
> > Is there a way I can make all three linked?
>
> this should be the default.
>
> > ie. Cert A->Cert B->Cert C in the certification path?
> > Any
On 13/11/2013 13:30, Igor Sverkos wrote:
Hello,
thank you for your response. There's one thing in your reply I don't
understand:
Erwann Abalea wrote:
>> It seems to be a valid certificate for OpenSSL, right?
>
> OpenSSL can parse it, yes.
>
> [...]
>
> Reading X.520 shows that the Director
This is taken from X.520/RFC5280:
DirectoryString ::= CHOICE {
      teletexString           TeletexString (SIZE (1..MAX)),
      printableString         PrintableString (SIZE (1..MAX)),
      universalString         UniversalString (SIZE (1..MAX)),
      utf8String              UTF
On 13 November 2013 10:35, Igor Sverkos wrote:
> According to RFC 3280, which defines
> X.509 certificates, these entries, if they exist, must not have
> an empty value.
FWIW, RFC 3280 has been obsoleted by RFC 5280.
I couldn't find where it said this in RFC 5280. Pointer?
___
Hello,
thank you for your response. There's one thing in your reply I don't
understand:
Erwann Abalea wrote:
>> It seems to be a valid certificate for OpenSSL, right?
>
> OpenSSL can parse it, yes.
>
> [...]
>
> Reading X.520 shows that the DirectoryString type disallows 0-sized
> elements. So yo
Hello,
On 13/11/2013 11:35, Igor Sverkos wrote:
Hi,
please see the following certificate:
-----BEGIN CERTIFICATE-----
MIIEbTCCA1WgAwIBAgICLgAwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
[...]
uKnvqzQP10A7f3PBsGYRA2DCeMDavaEoizJnNyjCOQx4
-----END CERTIFICATE-----
It seems to be a valid certi
Hi,
please see the following certificate:
-----BEGIN CERTIFICATE-----
MIIEbTCCA1WgAwIBAgICLgAwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx
FzAVBgNVBAoTDkdlb1RydXN0LCBJbmMuMRgwFgYDVQQDEw9HZW9UcnVzdCBTU0wg
Q0EwHhcNMTAxMDE5MDQyMDUwWhcNMTUxMDIwMjMzNTI0WjCBhDEpMCcGA1UEBRMg
bnFxRThGb0stQmpPbk9POTBWTE1mM3BB
You can add a "caIssuer" entry to the "authorityInformationAccess" extension
of cert B and C. Put a URL where you can download the issuing certificate (so
cert C has a URL to download cert B). That way, Windows can automatically
fetch the intermediate certificate.
cheers
Mat
On Tuesday 12. No