RE: RootCA+SubCA+SubCA

Aslam Mon, 10 Sep 2001 09:05:15 -0700
Hi,

>I looked at the openssl.txt file you provided, and noticed that
>signing an intermediate CA request and a user request were essentially
>the same thing.  Seems to me it should include another option.  Isn't
>that what the -extensions v3_ca flag is for?

Ya signing the user and CA certificate request r essentially the same with
an exception that user.cnf (user cert config file) has got basicConstraints
= CA:FALSE under section [ usr_cert ] and ca.cnf (CA cert connfig file) has
got basicConstraints = CA:TRUE

ya -extension v3_ca and -extension v3_usr r to locate the corresponding
sections for v3 extension in the given config files.


>I could be wrong, but it looks like the file you provided would only
>sign the first level of intermediate CAs, but they would not be able
>to sign other certs.

What do u mean by first level of intermidiate CAs??
If u say the according to the files I sent to u, we'll be not able to
generate a chain like
CA->Int1->Int2 -----Intn->User .. Then u r wrong..

Plz let me know if u have any further problem..

Thanks
Aslam

-----Original Message-----
From: Louis LeBlanc [mailto:[EMAIL PROTECTED]]
Sent: Friday, September 07, 2001 3:44 PM
To: '[EMAIL PROTECTED]'
Subject: Re: RootCA+SubCA+SubCA


On 09/05/01 02:51 PM, Aslam sat at the `puter and typed:
> Hi,
> 
> I'm sorry I didn't new that I can not send any *.bat file as an attachment
> to a mailing list.. any way u can save it as a txt file and see it...
> 
> Any way.. 
> here is the content of batch file:
> 
> see attached "using openssl.txt" file...
> 
> I think ca.cnf file don have any problem in regard with some virus
stuff....
> :) :) :)  ! ! !
> 
> 
> Thanks
> Aslam

Hey Aslam and Averroes.  I found it a pleasant coincidence that this
would show up on the list just as I was being asked to do pretty much
exactly the same thing.

I looked at the openssl.txt file you provided, and noticed that
signing an intermediate CA request and a user request were essentially
the same thing.  Seems to me it should include another option.  Isn't
that what the -extensions v3_ca flag is for?

I could be wrong, but it looks like the file you provided would only
sign the first level of intermediate CAs, but they would not be able
to sign other certs.

Care to toss me a clue?

Thanks
Lou
-- 
Louis LeBlanc       [EMAIL PROTECTED]
Fully Funded Hobbyist, KeySlapper Extrordinaire :)
http://acadia.ne.mediaone.net                 ԿԬ

I think we're all Bozos on this bus.
    -- Firesign Theatre

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
RE: RootCA+SubCA+SubCA

Reply via email to
