Re: crlDistributionPoints in issuer vs user certificates

2010-01-28 Thread Patrick Patterson
Hello Björn; On January 28, 2010 05:40:57 am Björn Lantz wrote: > Dear listreaders, > > I have a question about whose/which CRL the crlDistributionPoints in a > certificate should point out. I have spent a few days looking for a > recommendation or common practice, but without success. > Check out

Re: crlDistributionPoints in a certificate request

2007-02-07 Thread domi
Hello everybody, in the end I was able to solve my problem and here is what I’ve done. If you want to follow my example just be careful and read the warnings in the other comments concerning this topic. As Patrick suggested I was in need of the "copy extensions" but at that time I just didn’t know

Re: crlDistributionPoints in a certificate request

2007-02-03 Thread Goetz Babin-Ebell
Hi domi, domi wrote: > After one day pending-status I'll post this message again. ?? At least your message never reached me... > domi wrote: >> Just some last explanations: Of course my scenario is just fictional and I >> won’t try to set up a comm

Re: crlDistributionPoints in a certificate request

2007-02-03 Thread domi
After one day pending-status I'll post this message again. domi wrote: > > I won’t quote our complete conversation because it has grown to a rather > huge amount of text. I just will say: Yes, Goetz you are right ;) > So I come to the conclusion that I can’t do those things in OpenSSL which > I

Re: crlDistributionPoints in a certificate request

2007-02-01 Thread Goetz Babin-Ebell
domi wrote: > Goetz wrote: > > I think your security model is broken. > A CRL and with that the server clients can download it from is part of > the chain of security of the CA. > So these servers must be on (best case) dedicated servers that are > s

Re: crlDistributionPoints in a certificate request

2007-02-01 Thread domi
Goetz wrote: I think your security model is broken. A CRL and with that the server clients can download it from is part of the chain of security of the CA. So these servers must be on (best case) dedicated servers that are specially hardened for this usage. These servers are a (potentially outs

Re: crlDistributionPoints in a certificate request

2007-02-01 Thread Goetz Babin-Ebell
Hello Domi, domi wrote: > which is helpful but not exactly what I had in mind ;) You couldn’t know > this because I forgot to mention my aims. I’m trying to realise the > following scenario: > The CRL shall be kept on the server of the SSL-website and

Re: crlDistributionPoints in a certificate request

2007-01-31 Thread domi
Thank you for your quick answer, which is helpful but not exactly what I had in mind ;) You couldn’t know this because I forgot to mention my aims. I’m trying to realise the following scenario: The CRL shall be kept on the server of the SSL-website and not within the servers of the CA in order to

Re: crlDistributionPoints in a certificate request

2007-01-31 Thread Patrick Patterson
On Wednesday 31 January 2007 06:45, domi wrote: > Hello, > > I searched and tried a lot but wasn't able to solve the following problem: > > I have built my own little CA (with the help of the OpenSSL book of > O'Reilly). I can create certificate requests and issue certificate from > them. Now I wan

Re: CRLDistributionPoints

2006-10-31 Thread Karsten Ohme
Dr. Stephen Henson wrote: > On Sun, Oct 29, 2006, Karsten Ohme wrote: > > >>Hello, >> >>The example from: >> >>http://www.openssl.org/docs/apps/x509v3_config.html >> > > > Those docs are for 0.9.9-dev check the docs with your distribution. OK, works better. Almost. But I want to add a base D

Re: CRLDistributionPoints

2006-10-29 Thread Dr. Stephen Henson
On Sun, Oct 29, 2006, Karsten Ohme wrote: > Hello, > > The example from: > > http://www.openssl.org/docs/apps/x509v3_config.html > Those docs are for 0.9.9-dev check the docs with your distribution. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core

Re: crlDistributionPoints with DirName value?

2003-11-09 Thread Dr. Stephen Henson
On Thu, Nov 06, 2003, Mike Acar wrote: > > I'll answer several messages at once in this mail. > > Nils Larsch <[EMAIL PROTECTED]> wrote: > > > Try: > > > > [EMAIL PROTECTED] > > > > [dist_point] > > dirName=dir_name > > > > [dir_name] > > C=FI > > O=SSH Communications Security Corp > > CN=SS

Re: crlDistributionPoints with DirName value?

2003-11-06 Thread Mike Acar
I'll answer several messages at once in this mail. Nils Larsch <[EMAIL PROTECTED]> wrote: > Try: > > [EMAIL PROTECTED] > > [dist_point] > dirName=dir_name > > [dir_name] > C=FI > O=SSH Communications Security Corp > CN=SSH Test CA 2 No Liabilities > > this works for me (note: I'm using 0.9.8

Re: crlDistributionPoints with DirName value?

2003-11-04 Thread Kiyoshi Watanabe
Hi, > crlDistributionPoints = DirName:/C=FI/O=SSH Communications Security Corp/CN=SSH Test > CA 2 No Liabilities How about crlDistributionPoints = @crl_dist [ crl_dist ] DirName = /C=FI/O=SSH Communications Security Corp/CN=SSH Test CA 2 No Liabilities -Kiyoshi Kiyoshi Watanabe > and

Re: crlDistributionPoints....how to get values?

2002-02-13 Thread Dr S N Henson
"Hellan,Kim KHE" wrote: > > Hi > > I have a certificate with a crlDistributionPoint extension. Using OpenSSL > terms, the extension consists of two DIST_POINT*.one of the type > GEN_DIRNAME and the other of the type GEN_URI. > In my code I have "parsed" these DIST_POINT* and what I end up wi

Re: CRLDistributionPoints

1999-07-05 Thread Sergio Rabellino
ssl wrote: > > Don't know whether it helps : > comment out the line : > crl_extensions = crl_ext > and the [crl_ext] section. > all ok, I forgot to upgrade my openssl tree Thanks... -- Dott. Sergio Rabellino Technical Staff Department of Computer Science University of Torino (Ital

Re: CRLDistributionPoints

1999-07-02 Thread ssl
Don't know whether it helps : comment out the line : crl_extensions = crl_ext and the [crl_ext] section. On Fri, 2 Jul 1999, Sergio Rabellino wrote: > ssl wrote: > > > > Sure it can, like my openssl.cnf : > > > > crlDistributionPoints=URI:http://sgiinda.csc.cuhk.edu.hk/1.crl > > > > need not

Re: CRLDistributionPoints

1999-07-02 Thread Sergio Rabellino
ssl wrote: > > Sure it can, like my openssl.cnf : > > crlDistributionPoints=URI:http://sgiinda.csc.cuhk.edu.hk/1.crl > > need not be https because the crl is signed by CA. > And pretty good checked by IE and outlook express, if you > click the check box "Check for server certificate revocation"