On Sat, Jul 7, 2012 at 2:27 PM, <pro...@secure-mail.biz> wrote: > Hello, > > is it possible to sign a foreign SSL public key without having CSR/private > key? > > Background: > Because the public root CA's failed at least twice (DigiNotar, Comodo), I'd > like to pin a SSL certificate from a website I have no control over. > (Therefore I no access the the private key and can subsequently also not > create a CSR.) Pin the SSL cert by using a local self signed CA. > Sorry to dig up an old topic.
>From "Hacker Bypasses Apple's iOS In-App Purchases," http://www.esecurityplanet.com/mobile-security/hacker-bypasses-apples-ios-in-app-purchases.html: "Essentially, this circumvention technique relies on installing certificates for a fake in-app purchase server as well as a custom DNS server," writes ZDNet's Emil Protalinski. "The latter's IP address is then mapped to the former, which in turn allows all 'purchases' to go through. PKI and DNS are complicit here, also. I'm not sure if Apple exposes any pinning functionality in their StoreKit API. Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List firstname.lastname@example.org Automated List Manager majord...@openssl.org