Hi Jijo,
I believe interesting information can be found here :
http://www.openssl.org/docs/ssl/SSL_CTX_use_certificate.html
Regards
Le 13/01/2011 17:16, Jijo a écrit :
Thanks for the response..
>>You have to get the IC to the client somehow. The usual method is to
have the server send it. Do
Thanks for the response..
>>You have to get the IC to the client somehow. The usual method is to have
the server send it. Does the server software provide a way to supply a
certificate chain?
What do you mean by server sending it? is it on TLS negotiation?
What do you mean by certificate chain?
On 1/12/2011 3:19 PM, Jijo wrote:
Hi All,
I hope this a basic question for you guys..
I'm trying to setup TLS connection between Client and Server.
In the server i did following things,
1. Created a selfsigned rootCA
2. Created IntermediateCA and signed with rootCA.
3. Create a Server Certific
On Tue, Sep 25, 2007, Bynum, Don wrote:
> Please send me your extensions file, CA cert/Key and the CSR you are
> using for your intermediate. I am assuming that what you have so far is
> for testing purposes. Otherwise, I would not ask for the CA key
> (obviously). Send them to me as a zip file
enssl.org
Subject: RE: intermediate CA configuration
I have given the command
openssl x509 -req -days 365 -in intermediate.csr -CA root.certkey
-CAcreateserial -out intermediate.crt -extensions usr_cert -extfile
/etc/sll/openssl.cnf
after creating the root CA, the root.certkey is having ke
I have given the command
openssl x509 -req -days 365 -in intermediate.csr -CA root.certkey
-CAcreateserial -out intermediate.crt -extensions usr_cert -extfile
/etc/sll/openssl.cnf
after creating the root CA, the root.certkey is having key and crt files.Is
this command enough for creating the i
This should be good for most purposes. Note the basicConstraints
attribute of pathlen. Unlike the root CA which has no pathlen, the
intermediate has a pathlen of 0.
###
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always
crlDistributionPoints=URI:http://crl1.somedomain.com/IntCA.crl,UR
On Wed, May 17, 2006, Phil Dibowitz wrote:
> Dr. Stephen Henson wrote:
> > Your problem is that you are telling OpenSSL to include the AKID
> > extension by
> > copying the SKID from the issuing CA. That CA doesn't have an SKID
> > extension
> > so it gives the error.
> >
> > Either remove that e
Dr. Stephen Henson wrote:
> Your problem is that you are telling OpenSSL to include the AKID
> extension by
> copying the SKID from the issuing CA. That CA doesn't have an SKID
> extension
> so it gives the error.
>
> Either remove that extension from the config file or include SKID in the
> root
On Tue, May 16, 2006, Phil Dibowitz wrote:
> OpenSSL folks,
>
> I'm having an issue when making an intermediate CA.
>
> As I understand the specs (and please, correct me if I'm wrong), a root
> (i.e. self-signed) CA can be a v1 certificate, but intermediate CAs must:
>(a) be v3
>(b) have
On Tue, Dec 02, 2003, Jia L Wu wrote:
> Hello,
> My question is:
> I created a certificate chain: usr.cert->CA_1.cert->CA.cert.
> where CA.cert is self-signed certificate and is imported as trusted
> certificate.
> Signing CA_1's request with CA's private key and certificate generates
> CA_1.cert.
> Oscar wrote:
>
> Hello. I try to create a Intermediate CA but i don´t know to do it. I
> create a CA root self signed but the pathlen is 0, it means that this
> CA signed end user, is it? Then how i create a intermediate CA? And
> possibly i want to create a second intermediate CA who sign this
Maxime Dubois wrote:
>
> What I wanted to know is: How does a root CA say it does not trust anymore
> a sub-CA it has signed before?
By revoking the certificate of the sub CA.
Revoking means putting it into the root CA's CRL.
Ciao, Michael.
__
Hello and thanks for your help,
> > > 1. How can I revoke an intermediate CA? Is It Possible?
>
> Yes it is possible. Just have the parent CA issue a CRL that includes
> the intermediate.
Do you mean that the parent CA's CRL must include the intermediate CA's
CRL?
I'm not sure I really understa
> > 1. How can I revoke an intermediate CA? Is It Possible?
Yes it is possible. Just have the parent CA issue a CRL that includes
the intermediate.
> > 2. Is there a list/index of all the sub-CAs signed by a root CA?
No. Not unless the CA makes a special effort to do this, such as by
publishi
Hi
Still no reply, maybe the answer is obvious, but I don't know it and
I need it, so please could you help me?
Any ideas?
Thanks.
Maxime
Hi all,
I want to create a CA chain, and I have some questions about it:
1. How can I revoke an intermediate CA? Is It Possible?
2. Is there a list/index o
16 matches
Mail list logo
