I got it to work; the command below just needs:
" -extfile ../openssl.cnf -extensions usr_cert"
I had ASSUMED that since "openssl req" and "openssl ca" can find the "openssl.cnf" file, that "openssl x509" could also.
-- Dean
Dean Gibson (System Administrator) wrote on 2003-07-25 11:49:
Thanks
t; Sent: 14 July 2003 18:35
> To: [EMAIL PROTECTED]
> Subject: RE: Signing a CSR from JetDirect
>
>
>
> > It seems to me that it is in the best interest of the major
> > CAs to not offer wildcard certificates; that way, they can
> > charge their outrageous prices fo
> -Original Message-
> From: Bob DeBolt [mailto:[EMAIL PROTECTED]
> Sent: 14 July 2003 18:35
> To: [EMAIL PROTECTED]
> Subject: RE: Signing a CSR from JetDirect
>
>
>
> > It seems to me that it is in the best interest of the major
> > CAs to not of
David Schwartz wrote:
The right thing is for the CA to issue a limited wildcard CA cert.
Basically, it would say that a certain key may sign certificates for all
hosts inside a particular domain. That way you only need one key signed by
an outside authority and it doesn't matter if one of
> On Mon, Jul 14, 2003 at 11:35:01AM -0600, Bob DeBolt wrote:
> > > It seems to me that it is in the best interest of the major
> > > CAs to not offer wildcard certificates; that way, they can
> > > charge their outrageous prices for each certificate that you
> > > need, and when you happen to c
On Mon, Jul 14, 2003 at 11:35:01AM -0600, Bob DeBolt wrote:
>
> > It seems to me that it is in the best interest of the major
> > CAs to not offer wildcard certificates; that way, they can
> > charge their outrageous prices for each certificate that you
> > need, and when you happen to change
> It seems to me that it is in the best interest of the major
> CAs to not offer wildcard certificates; that way, they can
> charge their outrageous prices for each certificate that you
> need, and when you happen to change a hostname, they are
> right there at the trough looking for more mo
I used to generate a self-signed certificate for each hostname I was using for an SSL
connection (www.ultimeth.net, imaps.ultimeth.net, smtp.ultimeth.net, etc. ...). Then
a couple weeks ago in browsing the Internet, I happened across this site:
http://www.freessl.com. I noticed that they sell
I'm not sure that this is AT ALL relevant but I noticed that the
issuer CN has a wildcard and I wonder 1) what this means, and
2) if this could be confusing something?
Dean Gibson (System Administrator) wrote:
openssl x509 -req -in hplj4600dn1.csr -CA ultimeth.pem -days 3650 -set_serial 01 -out h
I put that in my openssl.cnf in the [ usr_cert ] section, and did:
openssl x509 -req -in hplj4600dn1.csr -CA ultimeth.pem -days 3650 -set_serial 01 -out
hplj4600dn1.crt
It didn't help; here's what "openssl x509 -in hplj4600dn1.crt -text -purpose" shows:
Certificate:
Data:
Version:
Hi,
The certificate on JetDirect can be used for both client and server
authentication. JetDirect expects the installed certificate to contain
extendedKeyUsage extension with the values serverAuth and clientAuth. Add the
following line "extendedKeyUsage = clientAuth, serverAuth" in the section
[us
The screen where I'm supposed to paste the certificate file says: "Please insert the
certificate into the text box provided. The certificate needs to be in PEM/Base64
encoding and less than 3kB in size, or the certificate will be rejected."
-- Dean
Michael Sierchio wrote on 2003-07-12 10:09:
>
12 matches
Mail list logo
