Richard Levitte - VMS Whacker wrote: >From: Patrick McEvoy <[EMAIL PROTECTED]> > >pmcevoy> I have been issued a X.509 Version 1 certificate for use with >pmcevoy> Visibroker SSL Pack 4.5 for C++ for Linux. However, >pmcevoy> Visibroker SSL Pack 4.5 uses SSL Plus 3.0 from Certicom which >pmcevoy> can not read X.509 Version 1 certificates only Version 3 >pmcevoy> certificates (The Visibroker SSL Pack 4.5 specs say it is >pmcevoy> Version 1 capable). Is there any way I can convert the >pmcevoy> Version 1 certificate to a Version 3 certificate and at the >pmcevoy> same time maintain the integrity of the certificate? > >There's no way you can convert an existing certificate in the way you >desire. What you have to do is to get a new certificate that is >X.509 version 3. The simpler way to do that is to have at least one >extension included in the certificate (key usage, subjectaltname, ...) >so ther version would be forced to 3, since such things can't exist in >version 1 certificates. > >It sounds like your story has a bit more to it than what you write. >The only reason I can see to refuse to parse version 1 certificates is >because some version 3 extension is required, so I'd advice you to >check exactly what extensions are required by SSL Plus and what values >are accepted. > Thank you for such a quick response!
It would be much easier if I could link Visibroker with OpenSSL rather than SSLPlus or use ORBit with OpenSSL but unfortunately I am restricted to using non-open source middleware at the moment. The prroblem is indeed the extensions. I need to set the Basic Constraints extension to CRITICAL but since Version 1 does not accept extensions I thought I might be able to convert it to Version 3 first and then create an extension. Thanks again for your help, Patrick ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
