Re: Multi-level certificate chains

2013-11-13 Thread Mat Arge
You can add a caIssuers entry to the authorityInformationAccess extension of cert B and C. Put a URL where you can download the issuing certificate (so cert C has a URL to download cert B). That way, Windows can automatically fetch the intermediate certificate. cheers Mat On Tuesday 12.

OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Igor Sverkos
Hi, please see the following certificate: -----BEGIN CERTIFICATE----- MIIEbTCCA1WgAwIBAgICLgAwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDkdlb1RydXN0LCBJbmMuMRgwFgYDVQQDEw9HZW9UcnVzdCBTU0wg Q0EwHhcNMTAxMDE5MDQyMDUwWhcNMTUxMDIwMjMzNTI0WjCBhDEpMCcGA1UEBRMg

Re: [openssl-users] OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Erwann Abalea
Hello, On 13/11/2013 11:35, Igor Sverkos wrote: Hi, please see the following certificate: -----BEGIN CERTIFICATE----- MIIEbTCCA1WgAwIBAgICLgAwDQYJKoZIhvcNAQEFBQAwQDELMAkGA1UEBhMCVVMx [...] uKnvqzQP10A7f3PBsGYRA2DCeMDavaEoizJnNyjCOQx4 -----END CERTIFICATE----- It seems to be a valid

Re: [openssl-users] OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Igor Sverkos
Hello, thank you for your response. There's one thing in your reply I don't understand: Erwann Abalea wrote: It seems to be a valid certificate for OpenSSL, right? OpenSSL can parse it, yes. [...] Reading X.520 shows that the DirectoryString type disallows 0-sized elements. So you're

Re: OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Ben Laurie
On 13 November 2013 10:35, Igor Sverkos igor.sver...@googlemail.com wrote: According to RFC 3280, which defines X.509 certificates, these entries, if they exist, must not have an empty value. FWIW, RFC 3280 has been obsoleted by RFC 5280. I couldn't find where it said this in RFC 5280.

Re: [openssl-users] Re: OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Erwann Abalea
This is taken from X.520/RFC5280: DirectoryString ::= CHOICE { teletexString TeletexString (SIZE (1..MAX)), printableString PrintableString (SIZE (1..MAX)), universalString UniversalString (SIZE (1..MAX)), utf8String

Re: [openssl-users] OpenSSL doesn't treat RFC 3280 validations as an error?

2013-11-13 Thread Erwann Abalea
On 13/11/2013 13:30, Igor Sverkos wrote: Hello, thank you for your response. There's one thing in your reply I don't understand: Erwann Abalea wrote: It seems to be a valid certificate for OpenSSL, right? OpenSSL can parse it, yes. [...] Reading X.520 shows that the DirectoryString

RE: Multi-level certificate chains

2013-11-13 Thread Dave Thompson
From: owner-openssl-users On Behalf Of Walter H. Sent: Tuesday, November 12, 2013 05:08 On Tue, November 12, 2013 05:47, Alan Jakimiuk wrote: Is there a way I can make all three linked? this should be the default. ie. Cert A-Cert B-Cert C in the certification path? Any help would