A quick question for everyone...
In the openssl.cnf, by default there is a new_oids section with a
testoid line to serve as an example. So if I have a unique assigned
oid, can I just remove the # on the testoid1 line? I recall reading
someone mentioning using a line of dc=(oid number) instead.
I've setup an openssl root and a subordinate CA. I have successfully
signed CA certificate for the subordinate from the root (used the
-newreq option), however when I execute the 'ca.pl -newca' it doesn't
set up the subordinate authority at all. When it asks for the CA
certificate filename, I poi
Let me preface first by saying I did see some previous users had this
problem also. I've even gone so far as to completely wipe the system
and start fresh only to have the same issue.
Running a FreeBSD 6.2 server with OpenSSL 0.9.8d. After I do the
installation, I execute the CA.pl -newca opti
Wonderful!
I redid the root CA setup using ca.pl, modified the openssl.cnf file to
CA:TRUE in the v3_ca section, and signed the subordinate request using
the previous command:
(ca -config /path/openssl.cnf -out thecertificate.pem -in
requestfile.req -extensions v3_ca). I imported the the pem file
I think I see what you're getting at now. I reviewed the text of the
root and the subordinate certs; the root does NOT have the CA:TRUE
(false obviously), the subordinate does have CA:TRUE. So I guess this
tells me I must have installed the root CA incorrectly.
I didn't use CA.pl, but rather C
nssl-users@openssl.org
Subject: Re: OpenSSL with Windows subordinates
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> I think we're making some progress with resolving this problem. I
> signed a new request with the switch you mentioned and loaded it onto
> the subordinate. I don'
I think we're making some progress with resolving this problem. I
signed a new request with the switch you mentioned and loaded it onto
the subordinate. I don't receive the old ASN1 error, which is good, but
now I've received one I've never seen before, "A certificate's basic
constraint extensio
With Windows certificate services, upon installation it will ask you to
select the type of CA the server is to become from 4 different options.
I've chosen an enterprise online CA, however its parent is offline, so
of course I cannot make an online certificate request. I saved the
actual certifica
I have an OpenSSL CA running on a BSD 6.1 machine as the root, and am
trying to have that act as the parent to subordinate Windows online
enterprise CAs.
The installation went fine. I signed the Windows subordinate CA cert
request with SSL, then converted it to pkcs12 to be installed. That's
