-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Rocky S schrieb:
> 1) I have installed openssl sources. In the certs directory, > there are various certificates. I looked at a couple of > them - aol1.pem & vsign1.pem. > > The vsign1.pem starts with [...] > The aol1.pem directly starts with BEGIN_CERTIFICATE - i.e. it doesn't > have the subject field & the notBefore/notAfter. > > Why this difference between aol1.pem & vsign1.pem? The differences are only cosmetically. The important part is between the -----BEGIN CERTIFICATE----- and - -----END CERTIFICATE----- lines. The other data is for humans to see what is between these lines... > > 2) I can run the command > "openssl x509 -hash -in [pem filename] on either of the pem files & I > get a hash (for eg. bda4cc84) for aol1.pem > > What exactly is being hashed here - is it the part between > BEGIN_CERTIFICATE & END_CERTIFICATE? The subject name of the certificate stored between the BEGIN... / END... lines. > What hashing algorithm in being used? It is the first 4 bytes of the MD5 hash of the certificate subject name. > 3) I have firefox installed on my machine. I go to tools -> options -> > advanced-> Encryption Tab. Then I click on > view certificates. > I get the certificate manager dialog with 4 tabs - > "Your certs", "other people's certs", "web sites" "authorites". > > All these 4 tabs have the Import Button. > > I am able to import aol1.pem etc using the import button > on the last 2 tabs, but not the first 2 tabs. This indicates that firefox still has some issues handling certificates. These certificates are CA certificates (and for example aol1.pem clearly marked as one) so it should only be possible to import it in the "authorities" tab. Bye Goetz - -- DMCA: The greed of the few outweights the freedom of the many -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGE4W12iGqZUF3qPYRAkPoAJ4g+FaXz63dkL6DlzXW9kwW4hpEqQCbB0Qf l+raxPF/NCktluLTFYf/B9Y= =Sr8E -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
