On Tue, 21 Sep 2004, Dennis Dai wrote:
Ok here's the deal with openssl. I'm using OpenSSL 0.9.7d and J2SE 1.4.2_05.
Assuming:
* server.key - your certificate's private key
* server.crt - your certificate
* inter.crt - the intermediate CA that signed your certificate
* root.crt - the root CA that signed the intermediate CA
where do i get this "root.crt"? fwiw, i'll show "openssl x509 -text"
output below. if we are on the right track wrt making the correct cert
chain, i wonder if i've got the right pieces to create it.
info from the server.crt which i received from verisign after providing
them with the CSR:
Serial Number:
47:19:49:03:05:01:c4:fd:79:06:69:a9:be:d9:22:2d
Signature Algorithm: sha1WithRSAEncryption
Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by
Ref. LIABILITY LTD .(c)97 VeriSign
[snip]
Subject: C=US, ST=California, L=Brisbane, O=Shopping.com, OU=Terms
of use at www.verisign.com/rpa (c)00, CN=blahdeeblah.shopping.com
info from the intermediate cert i obtained from
http://www.verisign.com/support/install/intermediate.html:
Serial Number:
25:4b:8a:85:38:42:cc:e3:58:f8:c5:dd:ae:22:6e:a4
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority
[snip]
Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign
International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY
LTD.(c)97 VeriSign
if i had the cert that signed this intermediate cert, would i have the
right pieces to create the right chain?
thanks again
--
[EMAIL PROTECTED]
office: 650.616.6708
Reality is that which, when you stop believing in it, doesn't go away.
- Philip K. Dick
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
