MY CERT | VERISIGN
1) 1024-bit 1) 512-bit
2) serial no. 0 2) serial no. 52:a9:f4:24:da:67:4c:9d:af:4f:53:78:52:ab:ef:6e
3) has C,L,ST,O,OU,CN 3) has O,OU,OU only.
4)has the x509 v3 extension 4) does not have any x509 v3 extensions
Wat i did was the last differences were removed? but still it did not work
The ASN.1 for both the certificates obtained by using openssl asn1parse is given as below
But not much differences were found;
For verisign certificate:
0:d=0 hl=4 l= 589 cons: SEQUENCE
4:d=1 hl=4 l= 503 cons: SEQUENCE
8:d=2 hl=2 l= 16 prim: INTEGER :52A9F424DA674C9DAF4F537852ABEF6E
26:d=2 hl=2 l= 13 cons: SEQUENCE
28:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
39:d=3 hl=2 l= 0 prim: NULL
41:d=2 hl=3 l= 169 cons: SEQUENCE
44:d=3 hl=2 l= 22 cons: SET
46:d=4 hl=2 l= 20 cons: SEQUENCE
48:d=5 hl=2 l= 3 prim: OBJECT :organizationName
53:d=5 hl=2 l= 13 prim: PRINTABLESTRING :VeriSign, Inc
68:d=3 hl=2 l= 71 cons: SET
70:d=4 hl=2 l= 69 cons: SEQUENCE
72:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
77:d=5 hl=2 l= 62 prim: PRINTABLESTRING :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD.
141:d=3 hl=2 l= 70 cons: SET
143:d=4 hl=2 l= 68 cons: SEQUENCE
145:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
150:d=5 hl=2 l= 61 prim: PRINTABLESTRING :For VeriSign authorized testing only. No assurances (C)VS1997
213:d=2 hl=2 l= 30 cons: SEQUENCE
215:d=3 hl=2 l= 13 prim: UTCTIME :980607000000Z
230:d=3 hl=2 l= 13 prim: UTCTIME :060606235959Z
245:d=2 hl=3 l= 169 cons: SEQUENCE
248:d=3 hl=2 l= 22 cons: SET
250:d=4 hl=2 l= 20 cons: SEQUENCE
252:d=5 hl=2 l= 3 prim: OBJECT :organizationName
257:d=5 hl=2 l= 13 prim: PRINTABLESTRING :VeriSign, Inc
272:d=3 hl=2 l= 71 cons: SET
274:d=4 hl=2 l= 69 cons: SEQUENCE
276:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
281:d=5 hl=2 l= 62 prim: PRINTABLESTRING :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD.
345:d=3 hl=2 l= 70 cons: SET
347:d=4 hl=2 l= 68 cons: SEQUENCE
349:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
354:d=5 hl=2 l= 61 prim: PRINTABLESTRING :For VeriSign authorized testing only. No assurances (C)VS1997
417:d=2 hl=2 l= 92 cons: SEQUENCE
419:d=3 hl=2 l= 13 cons: SEQUENCE
421:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
432:d=4 hl=2 l= 0 prim: NULL
434:d=3 hl=2 l= 75 prim: BIT STRING
511:d=1 hl=2 l= 13 cons: SEQUENCE
513:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
524:d=2 hl=2 l= 0 prim: NULL
526:d=1 hl=2 l= 65 prim: BIT STRING
For my certificate:
0:d=0 hl=4 l= 875 cons: SEQUENCE
4:d=1 hl=4 l= 724 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 1 prim: INTEGER :00
16:d=2 hl=2 l= 13 cons: SEQUENCE
18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
29:d=3 hl=2 l= 0 prim: NULL
31:d=2 hl=3 l= 134 cons: SEQUENCE
34:d=3 hl=2 l= 11 cons: SET
36:d=4 hl=2 l= 9 cons: SEQUENCE
38:d=5 hl=2 l= 3 prim: OBJECT :countryName
43:d=5 hl=2 l= 2 prim: PRINTABLESTRING :IN
47:d=3 hl=2 l= 20 cons: SET
49:d=4 hl=2 l= 18 cons: SEQUENCE
51:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
56:d=5 hl=2 l= 11 prim: PRINTABLESTRING :MAHARASHTRA
69:d=3 hl=2 l= 15 cons: SET
71:d=4 hl=2 l= 13 cons: SEQUENCE
73:d=5 hl=2 l= 3 prim: OBJECT :localityName
78:d=5 hl=2 l= 6 prim: PRINTABLESTRING :MUMBAI
86:d=3 hl=2 l= 12 cons: SET
88:d=4 hl=2 l= 10 cons: SEQUENCE
90:d=5 hl=2 l= 3 prim: OBJECT :organizationName
95:d=5 hl=2 l= 3 prim: PRINTABLESTRING :TCS
100:d=3 hl=2 l= 12 cons: SET
102:d=4 hl=2 l= 10 cons: SEQUENCE
104:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
109:d=5 hl=2 l= 3 prim: PRINTABLESTRING :CSP
114:d=3 hl=2 l= 15 cons: SET
116:d=4 hl=2 l= 13 cons: SEQUENCE
118:d=5 hl=2 l= 3 prim: OBJECT :commonName
123:d=5 hl=2 l= 6 prim: PRINTABLESTRING :KMS CA
131:d=3 hl=2 l= 35 cons: SET
133:d=4 hl=2 l= 33 cons: SEQUENCE
135:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
146:d=5 hl=2 l= 20 prim: IA5STRING :[EMAIL PROTECTED]
168:d=2 hl=2 l= 30 cons: SEQUENCE
170:d=3 hl=2 l= 13 prim: UTCTIME :011109062441Z
185:d=3 hl=2 l= 13 prim: UTCTIME :040805062441Z
200:d=2 hl=3 l= 134 cons: SEQUENCE
203:d=3 hl=2 l= 11 cons: SET
205:d=4 hl=2 l= 9 cons: SEQUENCE
207:d=5 hl=2 l= 3 prim: OBJECT :countryName
212:d=5 hl=2 l= 2 prim: PRINTABLESTRING :IN
216:d=3 hl=2 l= 20 cons: SET
218:d=4 hl=2 l= 18 cons: SEQUENCE
220:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName
225:d=5 hl=2 l= 11 prim: PRINTABLESTRING :MAHARASHTRA
238:d=3 hl=2 l= 15 cons: SET
240:d=4 hl=2 l= 13 cons: SEQUENCE
242:d=5 hl=2 l= 3 prim: OBJECT :localityName
247:d=5 hl=2 l= 6 prim: PRINTABLESTRING :MUMBAI
255:d=3 hl=2 l= 12 cons: SET
257:d=4 hl=2 l= 10 cons: SEQUENCE
259:d=5 hl=2 l= 3 prim: OBJECT :organizationName
264:d=5 hl=2 l= 3 prim: PRINTABLESTRING :TCS
269:d=3 hl=2 l= 12 cons: SET
271:d=4 hl=2 l= 10 cons: SEQUENCE
273:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName
278:d=5 hl=2 l= 3 prim: PRINTABLESTRING :CSP
283:d=3 hl=2 l= 15 cons: SET
285:d=4 hl=2 l= 13 cons: SEQUENCE
287:d=5 hl=2 l= 3 prim: OBJECT :commonName
292:d=5 hl=2 l= 6 prim: PRINTABLESTRING :KMS CA
300:d=3 hl=2 l= 35 cons: SET
302:d=4 hl=2 l= 33 cons: SEQUENCE
304:d=5 hl=2 l= 9 prim: OBJECT :emailAddress
315:d=5 hl=2 l= 20 prim: IA5STRING :[EMAIL PROTECTED]
337:d=2 hl=3 l= 159 cons: SEQUENCE
340:d=3 hl=2 l= 13 cons: SEQUENCE
342:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption
353:d=4 hl=2 l= 0 prim: NULL
355:d=3 hl=3 l= 141 prim: BIT STRING
499:d=2 hl=3 l= 230 cons: cont [ 3 ]
502:d=3 hl=3 l= 227 cons: SEQUENCE
505:d=4 hl=2 l= 29 cons: SEQUENCE
507:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Subject Key Identifier
512:d=5 hl=2 l= 22 prim: OCTET STRING
536:d=4 hl=3 l= 179 cons: SEQUENCE
539:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Authority Key Identifier
544:d=5 hl=3 l= 171 prim: OCTET STRING
718:d=4 hl=2 l= 12 cons: SEQUENCE
720:d=5 hl=2 l= 3 prim: OBJECT :X509v3 Basic Constraints
725:d=5 hl=2 l= 5 prim: OCTET STRING
732:d=1 hl=2 l= 13 cons: SEQUENCE
734:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption
745:d=2 hl=2 l= 0 prim: NULL
747:d=1 hl=3 l= 129 prim: BIT STRING
Geoff Thorpe wrote:
20011120052347.SGKD21293.mta5-rme.xtra.co.nz@there">On Tuesday 20 November 2001 00:20, viswanath wrote:But the self signed certificate that has been generated contains the
following
X509v3 Basic Constraints:
CA:TRUE
X509v3 Key Usage:
Certificate Sign, CRL Sign
Netscape Cert Type:
SSL CA, S/MIME CA, Object Signing CA
which means that it is a CA certificate.
So what else could be the problem.
Can you give us a side-by-side of the differences between the CA cert that
was imported OK and the CA cert you can't get imported? Logic (or a
first-order approximation thereof) tells me that's where you should find
your answer ... though of course it could be something like the way the
strings are encoded rather than the nature of the attributes.
Perhaps "openssl asn1parse -i" the two and take a look at what kind of
differences you find?
Cheers,
Geoff
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]