The empty option string. I am just running "grid-proxy-init". I got
the path length information from openssl x509 -in /tmp/x509u_u501 -
noout -text. You could also use grid-cert-info, as Joe said.
Charles
On Aug 11, 2008, at 8:34 AM, I8abyte wrote:
Err ... rather ... I mean, what grid-proxy-init options are you using
to *set* the properties below?
On Mon, Aug 11, 2008 at 9:08 AM, I8abyte <[EMAIL PROTECTED]> wrote:
Charles--
What options are you using with 'grid-proxy-init' to get the proxy
certificate properties below? How did you set the path length
constraint below? When I run the x509 query on my proxy cert it
doesn't indicate any of the options below ....
Ben--
On Fri, Aug 1, 2008 at 4:19 PM, Charles Bacon <[EMAIL PROTECTED]>
wrote:
I am reminded by someone who knows more than I do that the pathlen
only
shows up in proxies.
How are you getting your proxy? When I run grid-proxy-init, I get:
Proxy Certificate Information: critical
Path Length Constraint: infinite
Policy Language: Inherit all
Charles
On Aug 1, 2008, at 2:56 PM, Charles Bacon wrote:
Beats me. When I look at my cert with openssl x509 -text, I
don't see a
path length constraint.
Charles
On Aug 1, 2008, at 2:34 PM, I8abyte wrote:
On Fri, Aug 1, 2008 at 9:50 AM, Charles Bacon
<[EMAIL PROTECTED]> wrote:
On Aug 1, 2008, at 6:45 AM, I8abyte wrote:
I tinkered with the -xo and the -xi options but no luck but
I'm not
sure I'm doing it correctly. The <dcau>false</dcau> inside the
<rftOptions> block did nothing, it still complains about the
CA path
length. I'd still like to hear your take on it, or anyone
else's.
My naive question is, who's your issuer and why did they put a
pathlen 2
restriction on your certificate? It seems like either they
could remove
that restriction or you could get a different issuer.
Charles
I have trusted CAs ... I've cleared the diags ... does it matter
one
red-cent what the path length is besides zero "0"? I thought
anything
over "0" was chain-able ... educate me or point me elsewhere...
