Re: Verifying X509 Certificates Using The OpenSSL API

[Peter Sylvester]

try rehash the certs
I am loading the certificate stores from /etc/ssl/certs which 
contains the stores that mozilla, chrome, and the like all verify 
from, but no matter what I do I can't get a single certificate to verify.

Re: Question about extensions

[Dr. Stephen Henson]

On Fri, Aug 06, 2010, Bram Cymet wrote:

 It complains about the client_cert section.
 
 Attached is the conf file.
 
 I am using openssl 1.0.0.
 

That's odd, I just tried it on the latest 1.0.0-stable (1.0.0a should be near
enough) and other than the typo for prompt it works fine.

What command line are you using?

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

Re: Question about extensions

[Bram Cymet]

I have attempted a number of different command line commands. They are all 
similar to: 

openssl x509 -extfile req.conf -extensions client_cert -in bcymet-cert.pem -out 
test.pem

openssl x509 -req -in req.pem -sha1 -extfile req.conf -extensions client_cert 
-CA CA.pem -CAkey cakey.pem -out test.pem 

Can you give me an example of how to create the cert or a req with the 
extensions? 

Thanks, 

Bram 

On 2010-08-08, at 8:38 AM, Dr. Stephen Henson wrote:

 On Fri, Aug 06, 2010, Bram Cymet wrote:
 
 It complains about the client_cert section.
 
 Attached is the conf file.
 
 I am using openssl 1.0.0.
 
 
 That's odd, I just tried it on the latest 1.0.0-stable (1.0.0a should be near
 enough) and other than the typo for prompt it works fine.
 
 What command line are you using?
 
 Steve.
 --
 Dr Stephen N. Henson. OpenSSL project core developer.
 Commercial tech support now available see: http://www.openssl.org
 __
 OpenSSL Project http://www.openssl.org
 User Support Mailing Listopenssl-users@openssl.org
 Automated List Manager   majord...@openssl.org