* Christian Kreibich <[EMAIL PROTECTED]>:
> > Could you recommend a good book on openssl?
>
> The O'Reilly book by Viega, Messier and Chandra is useful -- they show
> you one way to OpenSSL-enable an existing application, plus other parts
> of the API. It also shows you how to do nonblocking I/O w
On Wed, 2005-02-23 at 13:44 +0100, Patrick Ben Koetter wrote:
> * Dr. Stephen Henson <[EMAIL PROTECTED]>:
> > Yes that's basically it. While it is also possible to restrict CA purposes
> > not all software supports and it is non standard.
>
> Could you recommend a good book on openssl?
The O'Reil
* Dr. Stephen Henson <[EMAIL PROTECTED]>:
> Yes that's basically it. While it is also possible to restrict CA purposes
> not all software supports and it is non standard.
Could you recommend a good book on openssl?
I really want to learn more about it, but I find it hard to find some good
docs.
T
On Tue, Feb 22, 2005, ray v wrote:
> Ok I figured it out, doh!
>
> Here's part of my openssl command
>
> openssl x509 -req -days $days -in $csrfile -extfile
> extfile -extensions extend
>
> I use -extfile and -extensions
>
> Here's my extfile
>
> extensions = extend
> [ extend ]
> keyUsage
ray v wrote:
Ok I figured it out, doh!
Here's part of my openssl command
openssl x509 -req -days $days -in $csrfile -extfile
extfile -extensions extend
I use -extfile and -extensions
Here's my extfile
extensions = extend
[ extend ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
nsCer
ray v wrote:
Let me see if I understand what your saying?
I need to generate another CA certificate the has only
ssl client set yes?
This does not make sense especially if you read the
extension section in the openssl.cnf file [ usr_cert ]
which specifies that upon signing you can change the
purpos
Ok I figured it out, doh!
Here's part of my openssl command
openssl x509 -req -days $days -in $csrfile -extfile
extfile -extensions extend
I use -extfile and -extensions
Here's my extfile
extensions = extend
[ extend ]
keyUsage = digitalSignature
extendedKeyUsage = clientAuth
nsCertType = cl
Let me see if I understand what your saying?
I need to generate another CA certificate the has only
ssl client set yes?
This does not make sense especially if you read the
extension section in the openssl.cnf file [ usr_cert ]
which specifies that upon signing you can change the
purpose of the ce
ray v wrote:
Hi Michael,
Thanks for responding.
My problem is a little more involved then that. I'm
the CA, err using openssl can creating a CA
certificate using the v3_ca extension. I have quite a
number of certificate being used by our servers.
Recently we wanted to start generating user
certific
ray v wrote:
Hi Michael,
Thanks for responding.
My problem is a little more involved then that. I'm
the CA, err using openssl can creating a CA
certificate using the v3_ca extension. I have quite a
number of certificate being used by our servers.
Recently we wanted to start generating user
certific
Hi Michael,
Thanks for responding.
My problem is a little more involved then that. I'm
the CA, err using openssl can creating a CA
certificate using the v3_ca extension. I have quite a
number of certificate being used by our servers.
Recently we wanted to start generating user
certificates but we
ray v wrote:
Hello all!
I'm looking for ways to turn off and on features in
the "Certificate purposes" are of a certificate. I've
read over extfile and extension plus looked at
basicContraints.
I'm unclear by the documentation written for openssl,
x509, ca, etc., just how to do this. Can someone
12 matches
Mail list logo
