On 8/7/09 11:47 AM, Johnathan Nightingale wrote:
> > - "Certificate's serial number and the issuer name as a base64 encoded
> > string". I can get the cert's serial number & issuer name using
> > openssl, but a simple base64 encoding of those values doesn't seem to
> > be right. Can anyone please tell me (or point me to a location) how
> > this magic string is generated?
>
> I suspect you want to base64 encode the binary value of the serial, not
> the ASCII representation output by openssl. That is, you don't want to
> base64 the _string_ "08 BE 4F..." you want to base64 encode the binary
> byte array with values 0x08, 0xBE, 0x4F, etc.

Johnathan is right on. I think you need to generate a base64-encoded version of the binary values (not the textual serializations). I did something similar when playing with EV certificates, and the method I used to get these encoded values involved patching NSS tools to spit them out.

I wrote up some rough "how to install an ev root" instructions a while back here, including how to get those encoded values:

http://evssl-trust.sidstamm.com/firefox-evca.html#patch-source
* You need to check out the NSS source and patch it to spit out b64 encodings of those values. Use the second patch listed at the link above (http://evssl-trust.sidstamm.com/pp.patch); the first patch is unnecessary for this purpose.

http://evssl-trust.sidstamm.com/firefox-evca.html#build-nss
* Then build the tools.

http://evssl-trust.sidstamm.com/firefox-evca.html#install-ca-and-ev
* The first couple of steps in this section explain how to get the encoded values.

Hope this is helpful.

-Sid



_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security
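
An added example, not part of the original messages or of the NSS patch linked above: a small DER walker that pulls the serial number and issuer out of a certificate and base64-encodes the binary values rather than openssl's text dump. It assumes the "binary value" of the issuer name is its DER-encoded Name; the function names and the sample bytes (a constructed, truncated certificate skeleton using the 0x08 0xBE 0x4F serial from the thread) are illustrative.

```python
import base64

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def serial_and_issuer_b64(cert_der):
    """Base64 of the raw serialNumber bytes and of the DER-encoded issuer Name."""
    _, p, _ = read_tlv(cert_der, 0)            # Certificate SEQUENCE
    _, p, _ = read_tlv(cert_der, p)            # TBSCertificate SEQUENCE
    tag, s, e = read_tlv(cert_der, p)
    if tag == 0xA0:                            # optional [0] version field
        tag, s, e = read_tlv(cert_der, e)
    if tag != 0x02:
        raise ValueError("expected INTEGER serialNumber")
    serial = cert_der[s:e]                     # content bytes (may carry a leading 0x00)
    _, _, alg_end = read_tlv(cert_der, e)      # skip signature AlgorithmIdentifier
    tag, _, name_end = read_tlv(cert_der, alg_end)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE issuer Name")
    issuer = cert_der[alg_end:name_end]        # whole Name element, header included
    return base64.b64encode(serial).decode(), base64.b64encode(issuer).decode()

def tlv(tag, content):
    """Encode one DER element (short-form length only; enough for the sample)."""
    assert len(content) < 128
    return bytes([tag, len(content)]) + content

# Constructed sample: only the leading TBSCertificate fields, not a valid certificate.
SERIAL = bytes([0x08, 0xBE, 0x4F])
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CA"))))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, SERIAL) + ALG + NAME))

# The mistake described in the thread: encoding the printed hex text.
WRONG_TEXT_B64 = base64.b64encode(b"08 BE 4F").decode()

if __name__ == "__main__":
    print("binary:", serial_and_issuer_b64(CERT))
    print("text  :", WRONG_TEXT_B64)
```
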