Re: OpenSSL question



mgk.mailing wrote:
Hi All

I'm working on a certificate authority using OpenSSL and have been for
the most part successful over the last 6 months. Now the trial period
is over there has been one thing I keep stubbing my toe on and I was
hoping someone would be able to help/point me in the right direction.
I am trying to encode the CRL location into the certificates so that
they can be automatically updated to revoked certificates. I know that
a lot of devices allow you to specify the address manually but was hoping
that you could generate it as part of either the root CA certificate,
signed device certificate or the signed CRL.

See RFC2459 for info on the crlDistributionPoints extension, and openssl
doco for same. (Basically, an option that looks like:
crlDistributionPoints=URI:http://www.example.com/my.crl in the relevant
section of openssl.cnf)... Also,
nsCaRevocationUrl=http://www.example.com/my.crl for a non-standard
pointer that still appears to be used...


PK
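The crlDistributionPoints option from the reply above, shown end to end as an added example that is not part of the original thread: a throwaway CA signs a device certificate with the extension and then reads the URL back out of the issued certificate. It assumes the `openssl` command-line tool is on the PATH; the subject names, file names and the `device_cert` section name are constructed for illustration.

```shell
#!/bin/sh
# Added example: throwaway CA that stamps crlDistributionPoints into a
# certificate it signs, then reads the extension back out of that certificate.
CDP_URL="http://www.example.com/my.crl"    # URL used in the reply above

issue_cert_with_cdp() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        # Minimal config (constructed): [req]/[dn] only satisfy "openssl req";
        # [device_cert] is the extension section applied at signing time.
        printf '%s\n' \
            '[ req ]' \
            'distinguished_name = dn' \
            '[ dn ]' \
            'commonName = Common Name' \
            '[ device_cert ]' \
            'basicConstraints = CA:FALSE' \
            "crlDistributionPoints = URI:$CDP_URL" > ca.cnf
        # Test root CA, then a device key and CSR (names are constructed).
        openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj '/CN=Example Test Root CA' -keyout ca.key -out ca.pem \
            2>/dev/null || exit 1
        openssl req -config ca.cnf -new -newkey rsa:2048 -nodes \
            -subj '/CN=device1.example.com' -keyout dev.key -out dev.csr \
            2>/dev/null || exit 1
        # The CA adds the extension when it signs; the CSR does not carry it.
        openssl x509 -req -in dev.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -days 30 -extfile ca.cnf -extensions device_cert -out dev.pem \
            2>/dev/null || exit 1
        # Print the URI a relying party would fetch the CRL from.
        openssl x509 -in dev.pem -noout -text |
            grep -o 'URI:[^[:space:]]*' | sed 's/^URI://'
    )
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

issue_cert_with_cdp
```

The extension ends up in the issued device certificate, so the check to run after any change to the CA configuration is the final `openssl x509 -text` step against a freshly signed certificate.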


