Help with x509v3 extensions

2014-03-29 Thread Воронин Дмитрий
Hello, I want to create an extension in a certificate. In the documentation I read how it's possible to do it. There are 2 ways: 1) create an alias to my extension; 2) create a structure for my extension. I create alias and generate a certificate with alias. How can I read it? OpenSSL read my extension fi

X509v3 extensions

2008-09-12 Thread Christian Weber
Dear participators, trying to add some x509v3 extension awareness to openssl we've become a bit short for solutions. x509 extensions are as versatile as asn1 permits. As extension to certificates there are an object id and a critical flag followed by whatsoever. If it comes to unknown oids at l

Re: Recommended x509v3 Extensions

2004-03-31 Thread Charles B Cranston
With reference to Charles' comments, I still have the > luxury of time before having to issue certs in anger. With us it was not time, per se, if you notice the postings for our CA we had our first signing party in February of the year that our 5-year 1998 previous root expired in August. So that'

Re: Key Identifier in X509v3 extensions

2004-03-05 Thread Dr. Stephen Henson
On Fri, Mar 05, 2004, Claus Nagel wrote: > > It follows the RFC3280 recommendation in 4.2.1.2 (1): > > > > The keyIdentifier is composed of the 160-bit SHA-1 hash of the > > value of the BIT STRING subjectPublicKey (excluding the tag, > > length, and number of unuse

Re: Key Identifier in X509v3 extensions

2004-03-05 Thread Claus Nagel
> It follows the RFC3280 recommendation in 4.2.1.2 (1): > > The keyIdentifier is composed of the 160-bit SHA-1 hash of the >value of the BIT STRING subjectPublicKey (excluding the tag, >length, and number of unused bits). thanks. sorry, i missed that point whi

Re: Key Identifier in X509v3 extensions

2004-03-05 Thread Dr. Stephen Henson
On Fri, Mar 05, 2004, Claus Nagel wrote: > > The SKID can be calculated automatically by the extension code (see > > doc/openssl.txt). The AKID is normally copied from the SKID of the issuers > > certificate. > > As for the SKID I found the following in the openssl.txt: > Example: subjectKeyIdent

Re: Key Identifier in X509v3 extensions

2004-03-05 Thread Claus Nagel
> The SKID can be calculated automatically by the extension code (see > doc/openssl.txt). The AKID is normally copied from the SKID of the issuers > certificate. As for the SKID I found the following in the openssl.txt: Example: subjectKeyIdentifier=hash But which values are taken to calculate tha

Re: Key Identifier in X509v3 extensions

2004-03-05 Thread Dr. Stephen Henson
On Fri, Mar 05, 2004, Claus Nagel wrote: > hello, > how do i compute the values for X509v3 Subject Key Identifier and X509v3 > Authority Key Identifier{keyid} in a X509v3 certificate? And where can I store > MD5 or SHA1 thumbprints in a X509v3 certificate? > thx, The SKID can be calculated automa

Key Identifier in X509v3 extensions

2004-03-05 Thread Claus Nagel
hello, how do i compute the values for X509v3 Subject Key Identifier and X509v3 Authority Key Identifier{keyid} in a X509v3 certificate? And where can I store MD5 or SHA1 thumbprints in a X509v3 certificate? thx, Claus Nagel

OID's and X509V3 extensions in config file

2001-10-26 Thread klaus . biedka
be in X509V3 is no more place for X509 attributes instead of several X509V3 extensions? In case of OID openssl ca traces the OID-section and their settings in the config file very well but assigning any value to the oid variable in the extension section raises an error. What happens? Browsing the

Re: adding x509v3 extensions

2001-04-16 Thread Tim Newsham
> check out the doc/openssl.txt file. Thanks, that did the trick. This information should probably be put in the man page, or at least referenced by it. As a quick reference for others, the steps I performed to get x509v3 fields I needed are to create a config file: - ext.conf -

Re: adding x509v3 extensions

2001-04-16 Thread Greg Stark
April 16, 2001 2:35 PM Subject: adding x509v3 extensions > > Hi, >I'm trying to figure out how to add x509v3 extensions > using the openssl x509 utility. The man page mentions > that the -extfile can be used to specify extensions to > be used by a certificate. Looking at

adding x509v3 extensions

2001-04-16 Thread Tim Newsham
Hi, I'm trying to figure out how to add x509v3 extensions using the openssl x509 utility. The man page mentions that the -extfile can be used to specify extensions to be used by a certificate. Looking at the code, it looks like it parses this as a normal conf file, looking i

How to add X509V3 extensions..

2000-12-07 Thread chandu
Hi all, I have one doubt regarding the X509 v3 extensions. How to add the X509 v3 extension attributes to the certificate request? Regards Suram

please check my x509v3 extensions

2000-11-30 Thread Daniel Hirscher
Hi, I want to create a mini CA. My "user" certs should be used for S/MIME and SSL Client Authentication. The certificates should be useable with Netscape and Outlook. I've created the certs, but I have some problems with it. The automatic certificate type detection of windows always selects su

Howto use missing X509 objects in subject and not in X509v3 extensions!

2000-08-26 Thread Alicia da Conceicao
er, since these are X509 objects, I wish these objects not be used as X509v3 extensions, and to be used within the X509 subject. X509_NAME_ENTRY_create_by_NID (&nameEntry, nid, V_ASN1_PRINTABLESTRING, (unsigned char *) "+1-416-860-9378", -

X509v3 extensions for root CA certs to support OCSP?

2000-08-23 Thread Alicia da Conceicao
P, so I cannot examine those certs for comparison, and look for X509v3 extensions. Do you know where we can download these new certs, I can't find them on Verisign's website? (BTW, none of the older Verisign root CA certs except the newest one in Mozilla 6.0 pr2 has OCSP support. And non

x509v3 extensions

2000-05-10 Thread Nyers, Gabor
Hi all, I'm having trouble with x509v3 extensions: my home-made certificates do not work for client authentication. Netscape's complaint is that "The certificate is not approved for the attempted application", and in the apache error_log I get the following line: "...ss