Re: IPv6 address encoding in commonName

2019-08-15 Thread Robert Moskowitz
Jakob, I thank you for all this.  I will be studying it over the coming week(s). Bob On 8/15/19 5:39 PM, Jakob Bohm via openssl-users wrote: [Top posting to match] Note that the actual DC name element is still used for actual domains when interacting with Microsoft Active Directory authenti

Re: IPv6 address encoding in commonName

2019-08-15 Thread Jakob Bohm via openssl-users
[Top posting to match] Note that the actual DC name element is still used for actual domains when interacting with Microsoft Active Directory authentication, including associated X.509 certificates.  So it shouldn't be used for something contrary. The shortest useful form in terms of certifi

Re: IPv6 address encoding in commonName

2019-08-15 Thread Robert Moskowitz
On 8/14/19 6:47 PM, Michael Richardson wrote: Robert Moskowitz wrote: > I am fiddling around with an intermediate CA signing cert that the CA's > 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a > Hierarchical HIT as in draft-moskowitz-hierarchical-hip

Re: IPv6 address encoding in commonName

2019-08-15 Thread Michael Richardson
Richard Levitte wrote: > On Thu, 15 Aug 2019 00:47:41 +0200, Michael Richardson wrote: >> >> >> Robert Moskowitz wrote: > I am fiddling around >> with an intermediate CA signing cert that the CA's > 'name' is its HIP >> (RFC 7401) HIT which is a valid IPv6 address. Actua

Re: IPv6 address encoding in commonName

2019-08-14 Thread Richard Levitte
On Thu, 15 Aug 2019 00:47:41 +0200, Michael Richardson wrote: > > > Robert Moskowitz wrote: > > I am fiddling around with an intermediate CA signing cert that the CA's > > 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually > a > > Hierarchical HIT as in draft-mo

Re: IPv6 address encoding in commonName

2019-08-14 Thread Michael Richardson
Robert Moskowitz wrote: > I am fiddling around with an intermediate CA signing cert that the CA's > 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a > Hierarchical HIT as in draft-moskowitz-hierarchical-hip (to be revised soon). > For a client cert, it w

Re: IPv6 address encoding in commonName

2019-08-14 Thread Robert Moskowitz
On 8/14/19 3:26 PM, Salz, Rich wrote: RFC 8002 (with a null subjectName), but a CA cert MUST have a non-empty subjectName. Non-empty subjectName or non-empty commonName within the subject name? Shrug. Doesn't matter, I guess. Just populate it with the string version of the HIT n

Re: IPv6 address encoding in commonName

2019-08-14 Thread Robert Moskowitz
On 8/14/19 11:21 AM, Jakob Bohm via openssl-users wrote: On 14/08/2019 04:55, Robert Moskowitz wrote: I am fiddling around with an intermediate CA signing cert that the CA's 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a Hierarchical HIT as in draft-moskowitz-hiera

Re: IPv6 address encoding in commonName

2019-08-14 Thread Salz, Rich via openssl-users
RFC 8002 (with a null subjectName), but a CA cert MUST have a non-empty subjectName. Non-empty subjectName or non-empty commonName within the subject name? Shrug. Doesn't matter, I guess. Just populate it with the string version of the HIT name, something like CN=IP Address 20

Re: IPv6 address encoding in commonName

2019-08-14 Thread Jakob Bohm via openssl-users
On 14/08/2019 04:55, Robert Moskowitz wrote: I am fiddling around with an intermediate CA signing cert that the CA's 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a Hierarchical HIT as in draft-moskowitz-hierarchical-hip (to be revised soon). For a client cert, it wo

IPv6 address encoding in commonName

2019-08-13 Thread Robert Moskowitz
I am fiddling around with an intermediate CA signing cert that the CA's 'name' is its HIP (RFC 7401) HIT which is a valid IPv6 address. Actually a Hierarchical HIT as in draft-moskowitz-hierarchical-hip (to be revised soon). For a client cert, it would be easy to put the HIT in subjectAltName p