From: Patrick McEvoy <[EMAIL PROTECTED]>
pmcevoy> I have been issued a X.509 Version 1 certificate for use with
pmcevoy> Visibroker SSL Pack 4.5 for C++ for Linux. However,
pmcevoy> Visibroker SSL Pack 4.5 uses SSL Plus 3.0 from Certicom which
pmcevoy> can not read X.509 Version 1 certificates only Version 3
pmcevoy> certificates (The Visibroker SSL Pack 4.5 specs say it is
pmcevoy> Version 1 capable). Is there any way I can convert the
pmcevoy> Version 1 certificate to a Version 3 certificate and at the
pmcevoy> same time maintain the integrity of the certificate?
There's no way you can convert an existing certificate in the way you
desire. What you have to do is to get a new certificate that is
X.509 version 3. The simpler way to do that is to have at least one
extension included in the certificate (key usage, subjectaltname, ...)
so ther version would be forced to 3, since such things can't exist in
version 1 certificates.
It sounds like your story has a bit more to it than what you write.
The only reason I can see to refuse to parse version 1 certificates is
because some version 3 extension is required, so I'd advice you to
check exactly what extensions are required by SSL Plus and what values
are accepted.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
