A lot of things on the Internet are wrong. The OpenSSL man page does not say
multiple
occurrences work and I'm pretty sure it never did, nor did the code. In
general
OpenSSL commandlines don't handle repeated options; the few exceptions are
noted.
pkcs12 -caname (NOT -cafile) IS one of the
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Dave Thompson
- the truststore if -CAfile and/or -CApath specified IF NEEDED
Thank you very much for your awesome detailed answer. This answers a lot of
questions, but I am left with a new one:
I
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Edward Ned Harvey (openssl)
Sent: Wednesday, 23 April, 2014 21:05
Subject: RE: SSL Root CA and Intermediate CA Certs.
I don't know how you learn about SSL/TLS, other than (a) reading the
internet,
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Michael Wojcik
For someone who does want more background in cryptography, I'd
recommend Schneier's /Applied Cryptography/ over /Cryptography
Engineering/. The latter is for people implementing
On Thu, Apr 24, 2014 at 12:57:36PM +, Michael Wojcik wrote:
[snip]
How and why do you trust any root certs? Generally they're built-in to your
OS or your browser, so you're just blindly trusting that those guys know
what
they're doing.
And they don't, and they don't care that they
Thanks!
On Apr 24, 2014, at 8:21 AM, Edward Ned Harvey (openssl)
open...@nedharvey.com wrote:
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Dave Thompson
- the truststore if -CAfile and/or -CApath specified IF NEEDED
Thank you very much for your
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Tom Francis
openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in
mycert.crt -certfile intermediate.crt -CAfile ca.crt
(Correct?)
So ... I just tried this, and confirmed,
On Thu, Apr 24, 2014 at 1:49 PM, Bin Lu b...@juniper.net wrote:
Thanks!
Ben Laurire checked it in recently (within the last week or so).
Until it makes it way into the the tar balls, I believe you should
try: https://rt.openssl.org/Ticket/Display.html?id=2167user=guestpass=guest.
Jeff