Re: OpenSSL with Windows subordinates

2006-12-29 Thread Dr. Stephen Henson
On Fri, Dec 29, 2006, Aaron Barnes wrote:
> Wonderful!
> I redid the root CA setup using ca.pl, modified the openssl.cnf file to
> CA:TRUE in the v3_ca section, and signed the subordinate request using
> the previous command:
> (ca -config /path/openssl.cnf -out thecertificate.pem -in
> requestfil

RE: OpenSSL with Windows subordinates

2006-12-29 Thread Aaron Barnes
laced elsewhere? It didn't work when I placed it in the v3_ca section.
Thanks,
Aaron
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Thursday, December 28, 2006 15:47
To: openssl-users@openssl.org
Subject: Re: OpenSSL wi

Re: OpenSSL with Windows subordinates

2006-12-28 Thread Kyle Hamilton
Don't forget Path Length.
-Kyle H
On 12/28/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> Yes I did. I had to install that yesterday also in order for the
> subordinate to trust the root.
>
> I was reading on the web site (specifically on this we

Re: OpenSSL with Windows subordinates

2006-12-28 Thread Dr. Stephen Henson
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> I think I see what you're getting at now. I reviewed the text of the
> root and the subordinate certs; the root does NOT have the CA:TRUE
> (false obviously), the subordinate does have CA:TRUE. So I guess this
> tells me I must have installed the roo

RE: OpenSSL with Windows subordinates

2006-12-28 Thread Aaron Barnes
.org
Subject: Re: OpenSSL with Windows subordinates
If you used the CA.pl script to generate the certificates it should just "do the right thing". The standard openssl.cnf has some sensible defaults which should suit most purposes. That includes using basicConstraints for a CA certificate.

Re: OpenSSL with Windows subordinates

2006-12-28 Thread Dr. Stephen Henson
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> Yes I did. I had to install that yesterday also in order for the
> subordinate to trust the root.
>
> I was reading on the web site (specifically on this web page:
> http://www.openssl.org/docs/apps/x509v3_config.html# ) It would seem to
> indicate on

RE: OpenSSL with Windows subordinates

2006-12-28 Thread Aaron Barnes
nssl-users@openssl.org
Subject: Re: OpenSSL with Windows subordinates
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> I think we're making some progress with resolving this problem. I
> signed a new request with the switch you mentioned and loaded it onto
> the subordinate. I don'

Re: OpenSSL with Windows subordinates

2006-12-28 Thread Dr. Stephen Henson
On Thu, Dec 28, 2006, Aaron Barnes wrote:
> I think we're making some progress with resolving this problem. I
> signed a new request with the switch you mentioned and loaded it onto
> the subordinate. I don't receive the old ASN1 error, which is good, but
> now I've received one I've never seen

RE: OpenSSL with Windows subordinates

2006-12-28 Thread Aaron Barnes
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson
Sent: Wednesday, December 27, 2006 15:04
To: openssl-users@openssl.org
Subject: Re: OpenSSL with Windows subordinates
> Yes the signing command is incorrect. By default the certificate is an en

Re: OpenSSL with Windows subordinates

2006-12-27 Thread Dr. Stephen Henson
On Wed, Dec 27, 2006, Aaron Barnes wrote:
> With Windows certificate services, upon installation it will ask you to
> select the type of CA the server is to become from 4 different options.
> I've chosen an enterprise online CA, however its parent is offline, so
> of course I cannot make an online

RE: OpenSSL with Windows subordinates

2006-12-27 Thread Aaron Barnes
dnesday, December 27, 2006 11:24
To: openssl-users@openssl.org
Subject: Re: OpenSSL with Windows subordinates
The private key resides on the Windows machine and doesn't leave it which is as it should be. A PKCS#12 file is only really used when the private key and matching certificate are prese

Re: OpenSSL with Windows subordinates

2006-12-27 Thread Dr. Stephen Henson
On Wed, Dec 27, 2006, Aaron Barnes wrote:
> I have an OpenSSL CA running on a BSD 6.1 machine as the root, and am
> trying to have that act as the parent to subordinate Windows online
> enterprise CAs.
>
>
> The installation went fine. I signed the Windows subordinate CA cert
> request with