for this requirement? Thanks.
Br
Ben
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1.
(NSN - CN/Cheng Du)
Sent: Tuesday, September 01, 2009 3:06 PM
To: openssl-users@openssl.org
Subject: RE: Verify certificate using
?
Regards,
Serge Fonville
On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca
signed by root ca. and each sub ca used as ca by 1000 terminals.so the total
network size is 1000*1000
, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
Hi Serge,
Maybe we can put the root ca into the verification chain if I can prove the
verfiy certificate using only sub ca is impossible. But before that, do you
know if it's possible to verfiy certificate without root ca? Thanks.
Br
knowledge.
On Wed, Sep 2, 2009 at 10:35 AM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
Hi Serge,
Maybe we can put the root ca into the verification chain if I can prove the
verfiy certificate using only sub ca is impossible. But before that, do you
know if it's possible to verfiy
Subject: Re: Verify certificate using subordinate ca
Wat exactly are the applications you use, are they compiled against
openssl libraries?
On Wed, Sep 2, 2009 at 11:49 AM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
Yes. When server send certificate signed by sub ca to client. How client
all keys are encrypted using a strong password...
Regards,
Serge Fonville
To answer your original question, you can not verify a chain without
all chain members to verify against root -- sub -- client/server
cert
On Wed, Sep 2, 2009 at 12:02 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com
Hi,
It there a way to verify certificate with out root ca? I have 4
certificate: rootca.pem is the root ca (self signed). subca.pem was
signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I
was supposed to configure the client and server using subca.pem as ca,
and cert1.pem
as part of the chain, create a new
chain where the sub is the root
What is the reason you do not want to use the root in the chain check,
but it should be part of the chain?
HTH
Regards,
Serge Fonville
On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
Hi
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Yin, Ben 1.
(NSN - CN/Cheng Du)
Sent: Tuesday, September 01, 2009 3:06 PM
To: openssl-users@openssl.org
Subject: RE: Verify certificate using subordinate ca
Hi Serge,
My intention
Hi,
It there a way to verify certificate with out root ca? I have 4
certificate: rootca.pem is the root ca (self signed). subca.pem was
signed by rootca.pem. cert1.pem cert2.pem was signed by subca.pem. I
was supposed to configure the client and server using subca.pem as ca,
and cert1.pem
and verifying and not for encrypting, if the CA keys
are stored safely, there is no 'compromise'
Are you distributing the keys as well?
HTH
Regards,
Serge Fonville
On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
I only want to verfiy the signature (I mean
11 matches
Mail list logo