sl.org
> Cc: st...@openssl.org
> Subject: Newsreader (was: Question about exporting user certificate
> files to .pfx)
>
> On Tue, Nov 20, 2012 at 11:56 AM, wrote:
> > it would be swell if I could get my email address removed from the
> > list without removing my subscrip
On Tue, Nov 20, 2012 at 11:56 AM, wrote:
> it would be swell if I could get my email address removed from the list
> without removing my subscription too. This way I could just use my
> newsreader to get the messages without having my email box cluttered every
> day with this high-volume list.
On Mon, Nov 19, 2012, Erwann Abalea wrote:
> You should get better CA scripts, or build your own set after
> reading your openssl.cnf file and other associated documentation.
>
> man req
> man x509
> man ca
> man x509v3_config
>
> When I need a junk CA, I personaly use "openssl req" to create th
Answers inline.
--
Erwann ABALEA
-
Un forum peut répondre à plusieurs besoins à la fois
Ici, le groupe des débutants dépasse en nombre le groupe des utilisateur
"middle-class" ce qui provoque inévitablement des tensions.
-+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+-
Le
Maybe I got something wrong creating the intermediate CA which is
supposed to be the 2nd certificate. This is what I did to create the
intermediate CA. Maybe I missed something?
Generated Intermediate CA key:
openssl genrsa -out ia.key 4096
Generated Intermediate CA Certificate Request:
open
Thanks.
The first certificate is your root CA, the second one is a version 1
certificate that can't be used as a CA (it would be insecure to allow it).
If your end-user certificate is issued by this second certificate, then
the error message is normal.
--
Erwann ABALEA
-
anatomie: ablatio
I'm assuming this is what you want. This is the contents of my chain file:
-BEGIN CERTIFICATE-
MIIFlDCCA3ygAwIBAgIJAJsm0MjspJZLMA0GCSqGSIb3DQEBBQUAMDoxGDAWBgNV
BAMTD2NhMy5kZWV6dGVrLmNvbTEeMBwGCSqGSIb3DQEJARYPY2EzQGRlZXp0ZWsu
Y29tMB4XDTEyMTExNzIzMDA1MVoXDTE3MTExNzIzMDA1MVowOjEYMBYGA1UEAxMP
Can you post here the certificate chain? Not the private key, only the
certificates, from the root down to the end-entity.
--
Erwann ABALEA
-
Ca se fait pas du tout d'avoir donné toutes les adresses email des
votants C bon pour les spammers ça !
[suit la liste intégrale des votants mal quoté
On Mon, Nov 19, 2012 at 10:53 AM, Deeztek.com Support
wrote:
> I fixed the command and it created the end user .pfx file. It imported
> successfully into windows but I get this message when I looked at the
> certification chain for the intermediate ca:
>
> This certification authority is not allow
I fixed the command and it created the end user .pfx file. It imported
successfully into windows but I get this message when I looked at the
certification chain for the intermediate ca:
This certification authority is not allowed to issue certificates or
cannot be used as an end-entity certifi
On Mon, Nov 19, 2012, Deeztek.com Support wrote:
> Nevermind the last message, you said *concatenate* the CA
> certificate together. So, this is what i did:
>
> Root cert:
> cat ca.crt > cachain.pem
>
> Int-ca cert:
>
> cat int-ca.crt >> cachain.pem
>
> Ran the following but it didn't work:
>
I meant, I run the command, I get no error, no pfx file is created and I
simply get the openssl help command:
Usage: pkcs12 [options]
where options are
-export output PKCS12 file
-chainadd certificate chain
-inkey file private key if not infile
What do you mean "didn't work"?
On Mon, Nov 19, 2012, Deeztek.com Support wrote:
> Nevermind the last message, you said *concatenate* the CA
> certificate together. So, this is what i did:
>
> Root cert:
> cat ca.crt > cachain.pem
>
> Int-ca cert:
>
> cat int-ca.crt >> cachain.pem
>
> Ran the following but it didn't work:
>
Nevermind the last message, you said *concatenate* the CA certificate
together. So, this is what i did:
Root cert:
cat ca.crt > cachain.pem
Int-ca cert:
cat int-ca.crt >> cachain.pem
Ran the following but it didn't work:
openssl pkcs12 -export -out someone.pfx -inkey someone.key -in
someone
On Mon, Nov 19, 2012, Deeztek.com Support wrote:
> Sorry, I'm not sure what you mean by concentrate the CA certificate
> together.
>
Join the root and intermediate CAs together in one file e.g. like this
under Linux:
cat intermediateca.pem root.pem >cacerts.pem
Then pass "-certfile cacerts.pem
Sorry, I'm not sure what you mean by concentrate the CA certificate
together.
On 11/19/2012 10:02 AM, Dr. Stephen Henson wrote:
On Mon, Nov 19, 2012, Deeztek.com Support wrote:
I have created a CA and an intermediate CA. I use the intermediate
CA to create self-signed s/mime certificates for
On Mon, Nov 19, 2012, Deeztek.com Support wrote:
>
> I have created a CA and an intermediate CA. I use the intermediate
> CA to create self-signed s/mime certificates for end users which
> works fine. I need to be able to create .pfx files form those end
> user certificates and include the CA cha
I have created a CA and an intermediate CA. I use the intermediate CA to
create self-signed s/mime certificates for end users which works fine. I
need to be able to create .pfx files form those end user certificates
and include the CA chain into the pfx file. Currently the command I use
to ex
18 matches
Mail list logo