Patrick Patterson wrote:
Hi Ken:
On Thursday 30 November 2006 14:13, Ken Johanson wrote:
With the following in my config file, and trying to create a new OID
(the example below being some from the new EV-SSL draft):
..snip
problem creating object
1.3.6.1.4.1.311.60.2.1.1
With the following in my config file, and trying to create a new OID
(the example below being some from the new EV-SSL draft):
HOME= .
oid_section = new_oids
[ new_oids ]
1.3.6.1.4.1.311.60.2.1.1= jurisdictionOfIncorporationLocalityName
1.3.6.1.4.1.311.60
Hello,
Does anyone know if there is some syntactical sugar that will allow us
to import binary data from a file, from within openssl.cnf?
Specifically, I want to experiment with importing photo-ids (jpegs) into
the a cert/req.
I found, and am able to use, the new arbitrary-oid/built-in compiler
Hello,
Does anyone know if there is some syntactical sugar that will allow us
to import binary data from a file, from within openssl.cnf?
Specifically, I want to experiment with importing photo-ids (jpegs) into
the a cert/req.
I found, and am able to use, the new arbitrary-oid/built-in compiler
Hi all,I'm trying to add the x500UniqueIdentifier attrib to a cert request,and/or at the signing stage, but am not having success. Using
0.9.8c,the [x509_extensions] attrib:x500UniqueIdentifier = 'foo'causes:Error Loading extension section local_ca_extensions1972:error:0E06D06C:configuration file
Hi all,
I'm trying to add the x500UniqueIdentifier attrib to a cert request,
and/or at the signing stage, but am not having success. Using 0.9.8c,
the [x509_extensions] attrib:
x500UniqueIdentifier = 'foo'
causes:
Error Loading extension section local_ca_extensions
1972:error:0E06D06C:configura
Most SMTP clients send client certificates even when the signing CA isnot solicited. The Postfix SMTP server does not complain if the client
certificate verification fails. The key issue is coding the server-sideverification callback correctly, so that the session is not rejecteddespite the unverif
Apple/Safari browsers (all current versions) have a bug where if they attempt to connect to a SSL client-authenticated website, and have client certs in their keystore whos signers/chain is not solicited during SSL handshake.. then Safari may send the unsolicited cert anyway.
This is a problem even
