Re: renewing a CA

2009-05-22 Thread Kent Tong
Dear all, I've found some very important info on what the renewed CA cert should be like: Please see the last comment at https://bugzilla.mozilla.org/show_bug.cgi?id=492900 However, I've tried hard, without success, to create such a CA cert. I've followed http://marc.info/?l=openssl-users&m=1132

Re: renewing a CA

2009-05-15 Thread Kyle Hamilton
Please post the openssl x509 -noout -text output of your client certificate? -Kyle H On Wed, May 13, 2009 at 2:43 AM, Kent Tong wrote: >> 'the' CA being a private or internal one, obviously. >> (I assume this CA is also trusted by some/all people you communicate >> with, otherwise you're n

RE: renewing a CA

2009-05-15 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Kent Tong > Sent: Wednesday, 13 May, 2009 05:43 > > When you 'install' the CAcert can you choose anything about > intended > > or allowed usage? Maybe some tickboxes? > > Yes, I checked "can identify web sites" and "can identify mail users".

RE: renewing a CA

2009-05-13 Thread Kent Tong
Hi, I've installed the new CA cert on a computer whose clock has been pulled back. For a mail signed in the past, Thunderbird says "could not verify this certificate for unknown reasons". However, it can display the certificate chain properly. - -- Kent Tong Wicket tutorials freely availab

RE: renewing a CA

2009-05-13 Thread Kent Tong
> 'the' CA being a private or internal one, obviously. > (I assume this CA is also trusted by some/all people you communicate > with, otherwise you're not accomplishing anything by using it.) Yes, it is a private CA trusted by all people in our organization. > I'm not familiar with thunderbi

RE: renewing a CA

2009-05-12 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Kent Tong > Sent: Tuesday, 12 May, 2009 04:20 > The cert of the CA has expired. I've renewed the CA cert using: > 'the' CA being a private or internal one, obviously. (I assume this CA is also trusted by some/all people you communicate with,

Re: Renewing a CA root certificate

2005-11-25 Thread Dr. Stephen Henson
On Sat, Nov 26, 2005, Jason Haar wrote: > Arsen Hayrapetyan wrote: > > A solution could be one which Jason described. Maybe the reason by > > which the new root certificate is not recognized is that the serial > > number was changed? > > > > Could very well be the case. Our original CA had a

Re: Renewing a CA root certificate

2005-11-25 Thread Jason Haar
Arsen Hayrapetyan wrote: > A solution could be one which Jason described. Maybe the reason by > which the new root certificate is not recognized is that the serial > number was changed? > Could very well be the case. Our original CA had a serial number of "0". This has proven to be a bad move

Re: Renewing a CA root certificate

2005-11-25 Thread Arsen Hayrapetyan
Hi Greg and Jason, Greg Vickers wrote: > Hi all, > > Jason Haar wrote: > >> Greg Vickers wrote: >> >>> Thanks again - we will do a re-key. Would I use the CA.pl script and >> > > > >> I really hope someone who knows more than Greg and I can give an >> authoritative answer to this question. I'd L

Re: Renewing a CA root certificate

2005-11-24 Thread Greg Vickers
Hi all, Jason Haar wrote: Greg Vickers wrote: Thanks again - we will do a re-key. Would I use the CA.pl script and I really hope someone who knows more than Greg and I can give an authoritative answer to this question. I'd LOVE to know how to recreate a CA cert (instead of creating a new

Re: Renewing a CA root certificate

2005-11-24 Thread Greg Vickers
Arsen, Arsen Hayrapetyan wrote: However, if your CA root certificate is expiring soon, isn't it a better idea to do a re-key (of course, if it is allowed by your policy) than to continue to use the old key-pair? (It is safer to do re-key from time to time than use the same key-pair for a long perio

Re: Renewing a CA root certificate

2005-11-24 Thread Jason Haar
Greg Vickers wrote: > Thanks again - we will do a re-key. Would I use the CA.pl script and > put in the same information that is in the original CA certificate? > Will that result in a CA certificate that can be used in browsers etc > and will authenticate web server certificates issued by the old

Re: Renewing a CA root certificate

2005-11-24 Thread Greg Vickers
Thanks Arsen! Arsen Hayrapetyan wrote: I am in the process of renewing a root CA certificate (which is expiring soon.) I should be able to use the original certificate signing request to issue a new certificate for the CA, correct? Yes. But even if you don't have the original certificate signi

Re: Renewing a CA root certificate

2005-11-24 Thread Arsen Hayrapetyan
Hi Greg, Greg Vickers wrote: > Argh, hit the send button before I had finished *blush* > > Greg Vickers wrote: > >> Hi all, >> >> I am in the process of renewing a root CA certificate (which is >> expiring soon.) I should be able to use the original certificate >> signing request to issue a new c

Re: Renewing a CA root certificate

2005-11-23 Thread Greg Vickers
Argh, hit the send button before I had finished *blush* Greg Vickers wrote: Hi all, I am in the process of renewing a root CA certificate (which is expiring soon.) I should be able to use the original certificate signing request to issue a new certificate for the CA, correct? And what is th