Hello
I want to thank the OpenCA team for the effort they have put into this
application. I have finished setting up OpenCA 0.8.0 snap 2001/6/30; the only
thing I have left is the CRR. Here is what I have done so far in that: I can
request a CRR and go through the whole process in that, but when it comes
time to view the revocation request I get all blanks. It seems that the
listReq command cannot parse the request to get the DN entry and the other
information in the CRR. I tried to print the DN that is the result of the
following statement $myDN = $req->getParsed()->{DN} and I get blank.
Note, this is the last step in the process. When I go to the RA server I can
pull the CRR but all I see is the serial number of the CRR
"kjsdhfkjsdjfhsdfks", not the serial number of the certificate. OK, I transfer
the CRR to the CA machine and go to prove the CRR; I run into the same problem
because it cannot find the cert to revoke it since it cannot parse the
CRR. Anyone with ideas?

Anyone who is interested to see a working OpenCA, please send me an email at
[EMAIL PROTECTED] so I can send the URL before I take the machines off
line for the outside world. And by the way, I have developed a secure way for
automatic file transfer between the RA and the CA with the CA off line like
it was designed. If anyone is interested in that, let me know and I will forward
that to you.

Thanks
Baha Al-amood
[EMAIL PROTECTED]


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, October 04, 2001 12:22 PM
To: [EMAIL PROTECTED]
Subject: Openca-Users digest, Vol 1 #125 - 3 msgs



Today's Topics:

   1. extensions for ssl client cert (Robert Hannemann)
   2. Re: extensions for ssl client cert (Massimiliano Pala)
   3. Re: extensions for ssl client cert (Robert Hannemann)

--__--__--

Message: 1
Date: Thu, 04 Oct 2001 13:12:43 +0200
From: Robert Hannemann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: [Openca-Users] extensions for ssl client cert

Hello,

I know that this question should be posted to the openssl list, but I've done so
with other questions some weeks ago and got no answers - so I hope you can help me
- Thanks a lot

Which extensions should have a CA cert to be able for signing SSL Client Certs -
and which extensions ( in openssl.cnf ) the Client Cert must have ?

Thanks for your Help and
Regards,
Robert Hannemann



--__--__--

Message: 2
Date: Thu, 04 Oct 2001 17:17:46 +0200
From: Massimiliano Pala <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Organization: OpenCA
To: Robert Hannemann <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: [Openca-Users] extensions for ssl client cert

Robert Hannemann wrote:
> 
> Hello,

Hi,

> Which extensions should have a CA cert to be able for signing SSL Client Certs -
> and which extensions ( in openssl.cnf ) the Client Cert must have ?

Well, you can have a look into the openssl/docs directory (openssl.txt)
where there is an extensions description. Anyway a CA is enabled to sign
any kind of certificate, just set the CA:TRUE in the basicConstraints, you
can also use the sslCA in the nsCertType but it is not requested. For
clients you can use:

        nsCertType=client, email
        keyUsage=digitalSignature,keyEncipherment,dataEncipherment,keyAgreement

(digital signature is not required, I guess, but suggested)

Hope this helps. Don't forget to post your questions to the mailing lists
(users) for the sake of all the subscribers... :-D

-- 

C'you,

        Massimiliano Pala

--o-------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]                  [EMAIL PROTECTED]
                                                          [EMAIL PROTECTED]
                                                     [EMAIL PROTECTED]
http://www.openca.org                            Tel.:   +39 (0)59  270  094
http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365



--__--__--
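
The extension settings from the reply above, put into a runnable check (an added example, not code from this thread or from OpenCA): it builds a throwaway CA and client certificate with the openssl CLI and tests which purposes the client certificate passes. The file name ext.cnf, the section names v3_ca and ssl_client, the function names, the subject names and the CA keyUsage line are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Requires the openssl command-line tool.
# Usage: d=$(mktemp -d); make_demo_pki "$d"; check_purpose "$d" sslclient

# make_demo_pki DIR: write an extensions file, create a self-signed CA and
# issue one client certificate from it. All files land in DIR.
make_demo_pki() {
    dir=$1
    cat > "$dir/ext.cnf" <<'EOF' || return 1
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = placeholder
[ v3_ca ]
# CA:TRUE is what the reply asks for; keyUsage is added here as common practice
basicConstraints = critical,CA:TRUE
keyUsage = keyCertSign,cRLSign
[ ssl_client ]
# client settings as given in the reply; CA:FALSE is added here
basicConstraints = CA:FALSE
nsCertType = client, email
keyUsage = digitalSignature,keyEncipherment,dataEncipherment,keyAgreement
EOF
    # Self-signed CA certificate carrying the v3_ca extensions
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -config "$dir/ext.cnf" -extensions v3_ca \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # Client key and certificate request
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Client" \
        -config "$dir/ext.cnf" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # CA signs the request, attaching the ssl_client extensions
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 1 \
        -extfile "$dir/ext.cnf" -extensions ssl_client \
        -out "$dir/client.pem" 2>/dev/null || return 1
}

# check_purpose DIR PURPOSE: succeed only if the client certificate chains to
# the demo CA and is acceptable for PURPOSE (e.g. sslclient, sslserver).
check_purpose() {
    openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/client.pem" \
        >/dev/null 2>&1
}
```

The client certificate verifies for the sslclient purpose and is rejected for sslserver, because its nsCertType lists only client and email.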

Message: 3
Date: Thu, 04 Oct 2001 16:29:29 +0200
From: Robert Hannemann <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" 
 <[EMAIL PROTECTED]>
Subject: Re: [Openca-Users] extensions for ssl client cert

This helps - thanks a lot

I guess in the current version of OpenCA I can choose in a CertReq between MS IE and
Netscape specific Types but not between the kind of Cert ( encrypting or signing or
ssl client or obj signing ). If I am right - is it in planning for the near future ?

Thanks and Regards,
Robert

Massimiliano Pala wrote:

> Robert Hannemann wrote:
> >
> > Hello,
>
> Hi,
>
> > Which extensions should have a CA cert to be able for signing SSL Client Certs -
> > and which extensions ( in openssl.cnf ) the Client Cert must have ?
>
> Well, you can have a look into the openssl/docs directory (openssl.txt)
> where there is an extensions description. Anyway a CA is enabled to sign
> any kind of certificate, just set the CA:TRUE in the basicConstraints, you
> can also use the sslCA in the nsCertType but it is not requested. For
> clients you can use:
>
>         nsCertType=client, email
>         keyUsage=digitalSignature,keyEncipherment,dataEncipherment,keyAgreement
>
> (digital signature is not required, I guess, but suggested)
>
> Hope this helps. Don't forget to post your questions to the mailing lists
> (users) for the sake of all the subscribers... :-D
>
> --
>
> C'you,
>
>         Massimiliano Pala
>
> --o-------------------------------------------------------------------------
> Massimiliano Pala [OpenCA Project Manager]                  [EMAIL PROTECTED]
>                                                           [EMAIL PROTECTED]
>                                                      [EMAIL PROTECTED]
> http://www.openca.org                            Tel.:   +39 (0)59  270  094
> http://openca.sourceforge.net                    Mobile: +39 (0)347 7222 365




--__--__--

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users


End of Openca-Users Digest