Re: AW: Database file structure
On Friday 25 May 2007 09:54:22 [EMAIL PROTECTED] wrote: Bruno, A database line is structured as followed: 1. state of the cert (V=valid, R=revoked, E=expired where the state is not changes automatically if a cert expires) 2. end of validity 3. revocation time (empty when the cert ist not revoked) 4. serial number in hex 5. Where the cert can be found (only value is unknown today) 6. Name of certificate holder (normally the DN) Regards Thomas -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bruno Costacurta Gesendet: Donnerstag, 24. Mai 2007 17:30 An: openssl-users@openssl.org Betreff: Database file structure Dears, just for curiosity, what are the structure description of the database file (often) called 'index' and which corresponds in fact to the parameter 'database' in openssl.cnf ? Please find a sample hereafter as it's mainly human readable. Thanks for any info. Bye, Bruno ... V 100221212735Z 03 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=acer9100 radius client/[EMAIL PROTECTED] V 100523143810Z 04 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523144327Z 05 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523151137Z 06 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=Bruno Acme/[EMAIL PROTECTED]/description=test only V 100523151243Z 07 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org/description=for apache2 SSL server client ... -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE6920080954411200 Geschftsfhrer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] Thanks for details. In fact, I expected to see the fingerprint of the certificate stored somewhere in index.txt file (as CN is not a unique id within the CA). Any reason not to store the fingerprint ? Thanks for attention. Bruno -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgp2qVts4cpD7.pgp Description: PGP signature
Re: AW: Database file structure
On Wednesday 30 May 2007 15:28:17 Bruno Costacurta wrote: On Friday 25 May 2007 09:54:22 [EMAIL PROTECTED] wrote: Bruno, A database line is structured as followed: 1. state of the cert (V=valid, R=revoked, E=expired where the state is not changes automatically if a cert expires) 2. end of validity 3. revocation time (empty when the cert ist not revoked) 4. serial number in hex 5. Where the cert can be found (only value is unknown today) 6. Name of certificate holder (normally the DN) Regards Thomas -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bruno Costacurta Gesendet: Donnerstag, 24. Mai 2007 17:30 An: openssl-users@openssl.org Betreff: Database file structure Dears, just for curiosity, what are the structure description of the database file (often) called 'index' and which corresponds in fact to the parameter 'database' in openssl.cnf ? Please find a sample hereafter as it's mainly human readable. Thanks for any info. Bye, Bruno ... V 100221212735Z 03 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=acer9100 radius client/[EMAIL PROTECTED] V 100523143810Z 04 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523144327Z 05 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523151137Z 06 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=Bruno Acme/[EMAIL PROTECTED]/description=test only V 100523151243Z 07 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org/description=for apache2 SSL server client ... -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE6920080954411200 Geschftsfhrer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] Thanks for details. In fact, I expected to see the fingerprint of the certificate stored somewhere in index.txt file (as CN is not a unique id within the CA). Any reason not to store the fingerprint ? Thanks for attention. Bruno My here-before email was quite incorrect : indeed the serial number of the certificate allows of course a unique selection within the CA. Bye, Bruno -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- pgpGogfT8lnVb.pgp Description: PGP signature
Re: AW: Database file structure
Bruno Costacurta schrieb: [...] Thanks for details. In fact, I expected to see the fingerprint of the certificate stored somewhere in index.txt file (as CN is not a unique id within the CA). Any reason not to store the fingerprint ? The serial number of a certificate is (must be!) unique for a CA and is included. So why should a fingerprint be stored also? If you can calculate a fingerprint you can also extract the serial number from the certificate... Thanks for attention. Bruno Hope it helps. Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 smime.p7s Description: S/MIME Cryptographic Signature
Re: AW: Database file structure
Thank you Bernhard/ Ted (?), that is exactly what I was looking for. For everyone who wants to know the time format: start reading Bernhards link from behind. Best regards Dominic Bernhard Froehlich wrote: Have a look at http://www.mail-archive.com/openssl-users@openssl.org/msg45982.html Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 -- View this message in context: http://www.nabble.com/Database-file-structure-tf3810867.html#a10814776 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
AW: Database file structure
Bruno, A database line is structured as followed: 1. state of the cert (V=valid, R=revoked, E=expired where the state is not changes automatically if a cert expires) 2. end of validity 3. revocation time (empty when the cert ist not revoked) 4. serial number in hex 5. Where the cert can be found (only value is unknown today) 6. Name of certificate holder (normally the DN) Regards Thomas -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bruno Costacurta Gesendet: Donnerstag, 24. Mai 2007 17:30 An: openssl-users@openssl.org Betreff: Database file structure Dears, just for curiosity, what are the structure description of the database file (often) called 'index' and which corresponds in fact to the parameter 'database' in openssl.cnf ? Please find a sample hereafter as it's mainly human readable. Thanks for any info. Bye, Bruno ... V 100221212735Z 03 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=acer9100 radius client/[EMAIL PROTECTED] V 100523143810Z 04 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523144327Z 05 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V 100523151137Z 06 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=Bruno Acme/[EMAIL PROTECTED]/description=test only V 100523151243Z 07 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org/description=for apache2 SSL server client ... -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE6920080954411200 Geschäftsführer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: AW: Database file structure
Hello Bruno and Thomas, Number 1 and 4-6 are definitively right as long as I know. I think that number 2 and 3 are correct too. But I‘m not quiet sure. Thomas would you be so kind and tell me in what format the time is written? Or just give me link where I can find the information; my search wasn’t succesful. Thanks in advance and best regards Dominic thomas.beckmann wrote: Bruno, A database line is structured as followed: 1. state of the cert (V=valid, R=revoked, E=expired where the state is not changes automatically if a cert expires) 2. end of validity 3. revocation time (empty when the cert ist not revoked) 4. serial number in hex 5. Where the cert can be found (only value is unknown today) 6. Name of certificate holder (normally the DN) Regards Thomas -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Bruno Costacurta Gesendet: Donnerstag, 24. Mai 2007 17:30 An: openssl-users@openssl.org Betreff: Database file structure Dears, just for curiosity, what are the structure description of the database file (often) called 'index' and which corresponds in fact to the parameter 'database' in openssl.cnf ? Please find a sample hereafter as it's mainly human readable. Thanks for any info. Bye, Bruno ... V100221212735Z 03 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=acer9100 radius client/[EMAIL PROTECTED] V100523143810Z 04 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V100523144327Z 05 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org V100523151137Z 06 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=Bruno Acme/[EMAIL PROTECTED]/description=test only V100523151243Z 07 unknown /C=BE/ST=Brussels Region/L=Brussels/O=Acme.org/CN=pc34ghz.org/emailAddress=bruno @Acme.org/description=for apache2 SSL server client ... -- PGP key ID: 0x2e604d51 Key : http://www.costacurta.org/keys/bruno_costacurta_pgp_key.html Key fingerprint = 713F 7956 9441 7DEF 58ED 1951 7E07 569B 2E60 4D51 -- Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE6920080954411200 Geschäftsführer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238 __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Database-file-structure-tf3810867.html#a10801535 Sent from the OpenSSL - User mailing list archive at Nabble.com. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
Re: AW: Database file structure
domi schrieb: Hello Bruno and Thomas, Number 1 and 4-6 are definitively right as long as I know. I think that number 2 and 3 are correct too. But I‘m not quiet sure. Thomas would you be so kind and tell me in what format the time is written? Or just give me link where I can find the information; my search wasn’t succesful. Thanks in advance and best regards Dominic Have a look at http://www.mail-archive.com/openssl-users@openssl.org/msg45982.html Ted ;) -- PGP Public Key Information Download complete Key from http://www.convey.de/ted/tedkey_convey.asc Key fingerprint = 31B0 E029 BCF9 6605 DAC1 B2E1 0CC8 70F4 7AFB 8D26 smime.p7s Description: S/MIME Cryptographic Signature