Re: Questions about signing an intermediate CA

2020-02-12 Thread Michael Leone
On Wed, Feb 12, 2020 at 4:19 PM Michael Wojcik wrote: > > > From: Michael Leone [mailto:tur...@mike-leone.com] > > Sent: Wednesday, February 12, 2020 12:35 > > > Even though I used what might be the wrong terms, I'm sure you knew what I > > meant ... > > Sure. But PKIX, and X.509-based PKI more g

RE: Questions about signing an intermediate CA

2020-02-12 Thread Michael Wojcik
> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Wednesday, February 12, 2020 12:35 > Even though I used what might be the wrong terms, I'm sure you knew what I > meant ... Sure. But PKIX, and X.509-based PKI more generally, are - not to mince words - horrible. They're agonizingly c

Re: Questions about signing an intermediate CA

2020-02-12 Thread Karl Denninger
On 2/12/2020 12:59, Michael Leone wrote: > > > On Wed, Feb 12, 2020 at 1:24 PM Karl Denninger > wrote: > > On 2/12/2020 11:32, Michael Leone wrote: >> So we are mostly a MS Windows shop. But I use a Linux openssl as >> my root CA. What I am planning on doing,

Re: Questions about signing an intermediate CA

2020-02-12 Thread Michael Leone
On Wed, Feb 12, 2020 at 2:22 PM Michael Wojcik < michael.woj...@microfocus.com> wrote: > > From: openssl-users [mailto:openssl-users-boun...@openssl.org] On > Behalf Of Michael Leone > > Sent: Wednesday, February 12, 2020 11:59 > > > ... the only CA I have is the root, so that is what I will be si

RE: Questions about signing an intermediate CA

2020-02-12 Thread Michael Wojcik
> From: Michael Leone [mailto:tur...@mike-leone.com] > Sent: Wednesday, February 12, 2020 12:10 > > Here's the config section I use for my test intermediate certificate: > > [ v3_intermediate_ca ] > > authorityKeyIdentifier = keyid:always,issuer > > # pathlen:0 means these certs can only sign non

RE: Questions about signing an intermediate CA

2020-02-12 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Michael Leone > Sent: Wednesday, February 12, 2020 11:59 > ... the only CA I have is the root, so that is what I will be signing with. This is incorrect. A CA is not a certificate. A CA is an organization or individ

Re: Questions about signing an intermediate CA

2020-02-12 Thread Michael Leone
On Wed, Feb 12, 2020 at 1:16 PM Michael Wojcik < michael.woj...@microfocus.com> wrote: > Terminological note: "Windows intermediate CA" isn't really a meaningful > phrase. There's nothing OS-specific about a CA. What you're creating is a > Windows-hosted implementation of your intermediate-CA func

Re: openssl-users Digest, Vol 63, Issue 19

2020-02-12 Thread Abid Butt
plz how can automatically recover this problam On Wed, 12 Feb 2020, 14:59 , wrote: > Send openssl-users mailing list submissions to > openssl-users@openssl.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://mta.openssl.org/mailman/listinfo/openssl-users >

Re: Questions about signing an intermediate CA

2020-02-12 Thread Michael Leone
On Wed, Feb 12, 2020 at 1:24 PM Karl Denninger wrote: > On 2/12/2020 11:32, Michael Leone wrote: > > So we are mostly a MS Windows shop. But I use a Linux openssl as my root > CA. What I am planning on doing, is creating a Windows intermediate CA, and > using that to sign all my internal requests

Re: Questions about signing an intermediate CA

2020-02-12 Thread Karl Denninger
On 2/12/2020 11:32, Michael Leone wrote: > So we are mostly a MS Windows shop. But I use a Linux openssl as my > root CA. What I am planning on doing, is creating a Windows > intermediate CA, and using that to sign all my internal requests. But > before I do that, I have a coupleĀ of questions. > >

RE: Questions about signing an intermediate CA

2020-02-12 Thread Michael Wojcik
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > Michael Leone > Sent: Wednesday, February 12, 2020 10:32 > So we are mostly a MS Windows shop. But I use a Linux openssl as my root CA. > What I am planning on doing, is creating a Windows intermediate CA, and using >

Questions about signing an intermediate CA

2020-02-12 Thread Michael Leone
So we are mostly a MS Windows shop. But I use a Linux openssl as my root CA. What I am planning on doing, is creating a Windows intermediate CA, and using that to sign all my internal requests. But before I do that, I have a couple of questions. I have the steps to install the certificate services

sendfile

2020-02-12 Thread Jeremy Harris
I see that an SSL_sendfile() is due in 3.0 :- https://www.openssl.org/docs/manmaster/man3/SSL_write.html Will there be a matching SSL_recvfile() ? -- Cheers, Jeremy