Re: Cloning a CSR or Cert. for a new CSR with a new key?

2020-01-31 Thread Douglas Morris via openssl-users
Thanks everyone for the replies and the community support. I don't think I got across what I am trying to do. I have experimented with subcommands req and x509. The openssl x509 -in -x509toreq -signkey does *NOT* do what I want (I'm pretty sure). openssl x509 -x509toreq may sign a certificate

Re: Cloning a CSR or Cert. for a new CSR with a new key?

2020-01-30 Thread Douglas Morris via openssl-users
k wrote: On 30 Jan 2020, at 21:38, Douglas Morris via openssl-users wrote: I am trying to implement automated domain certificate renewal. A certificate signing request is sent to an ACME server and on success a certificate is returned. I'd like to be able to call OpenSSL to ma

Cloning a CSR or Cert. for a new CSR with a new key?

2020-01-30 Thread Douglas Morris via openssl-users
I am trying to implement automated domain certificate renewal. A certificate signing request is sent to an ACME server and on success a certificate is returned. I'd like to be able to call OpenSSL to make a new key and then make a new certificate signing request just like the old one except for

And that's how text-ish PEM files are.

2020-01-30 Thread Douglas Morris via openssl-users
Victor, Thanks for that walk-through explanation. I probably get it even. I should have followed the reference for the definition of eol in Section 3 of RFC 7468. It was only one more human stack call. I appreciate the clarification on the valid text encoding of explanatory text and of the heade

How text-ish are PEM files?

2020-01-27 Thread Douglas Morris via openssl-users
I expect from RFC 8555 that an ACME server issues a full chain certificate as a reply body in the PEM format. The media type is 'application/pem-certificate-chain'. I can only guess from RFC 1421, sec. 4.3.1 that the byte encoding of the certificate necessarily uses line breaks. I get US-ASCII

Thanks for Encoding Clarification

2020-01-25 Thread Douglas Morris via openssl-users
Viktor, Thanks for meticulously answering my questions. I know the file name encoding is not necessarily the file content encoding. If a Python program were on a Windows computer, it might show a file name encoding of UTC-16, which would make UTC-16 a good guess for what openssl -text would out

OpenSSL Selection of Text Encoding for the -out and -text Options

2020-01-18 Thread Douglas Morris via openssl-users
I'm working on an ACME client written in Python3. I expect the certificate sent by the ACME server will be in utf-8 per RFC 8555, sec. 5. It seems from Python Standard Library function sys.getfilesystemencoding() that a filesystem has a particular encoding for filesystem names (which is not an e

X25519 Unlisted by -list_curves and Any Trusted Python Code for X, Y Coordinates

2019-12-24 Thread Douglas Morris via openssl-users
Hello, I've done some research of other people's opinions and that's the best I can do. Please advise SVP. I want to use ECDSA for my Web server's SSL certificate via an ACME client to Let's Encrypt and maybe later BuyPass. I thought that EC is better than RSA, but now I don't think so. The answer

Great answer, Nicola Tuveri!

2019-12-23 Thread Douglas Morris via openssl-users
Thanks, Nicola. You know your stuff and write well. Reading your answer was actually pleasant. Douglas Morris

JSON Web Key (JWK) for public key requires x and y coordinates.

2019-12-22 Thread Douglas Morris via openssl-users
Hello, Not a genius with openssl or encryption at all. Thanks for reading. Background: * Generate a private key (really key set) with named curve: openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 -pkeyopt ec_param_enc:named_curve -outform PEM -out account-privkey-prime256v1.pem