On 9/21/2004 6:41 PM, [EMAIL PROTECTED] wrote:
On Tue, 21 Sep 2004, Dennis Dai wrote:
Ok here's the deal with openssl. I'm using OpenSSL 0.9.7d and J2SE 1.4.2_05. Assuming:
* server.key - your certificate's private key * server.crt - your certificate * inter.crt - the intermediate CA that signed your certificate * root.crt - the root CA that signed the intermediate CA
where do i get this "root.crt"? fwiw, i'll show "openssl x509 -text" output below. if we are on the right track wrt making the correct cert chain, i wonder if i've got the right pieces to create it.
info from the server.crt which i received from verisign after providing them with the CSR:
Serial Number: 47:19:49:03:05:01:c4:fd:79:06:69:a9:be:d9:22:2d Signature Algorithm: sha1WithRSAEncryption Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD .(c)97 VeriSign [snip] Subject: C=US, ST=California, L=Brisbane, O=Shopping.com, OU=Terms of use at www.verisign.com/rpa (c)00, CN=blahdeeblah.shopping.com
info from the intermediate cert i obtained from http://www.verisign.com/support/install/intermediate.html:
Serial Number: 25:4b:8a:85:38:42:cc:e3:58:f8:c5:dd:ae:22:6e:a4 Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority [snip] Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
if i had the cert that signed this intermediate cert, would i have the right pieces to create the right chain?
You should be able to export it from your browser ... it's built into major browsers' root CA store I'm sure. Once you export the root cert, you can just use it as root.crt in my example.
And yes, you got the right piece. If you look at the issuer of your certificate, it's the same as the subject of the intermediate one you got from verisign. Now you only need the one that signed this intermediate one, which can be found and exported from major browsers.
Regards,
-- Dennis Dai [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
