IIS Server Security - Can i make personal ssl cert from verisign's one?


Author Can i make personal ssl cert from verisign's one?
heingray@gmail.com

2006-06-30, 7:24 am

I tried it until yesterday.

I think I have almost succeeded.

It's so easy. Set openssl SSLCACertificateFile to VeriSign's one.

The cert tree appears as follows.

VeriSign Class 3 Public Primary CA
|
---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
|
----->www.yourdomain.com
|
-----> NewOne.com

But the file www.yourdomain.com contains an expired cert (CPS
incorp..blah)

I think it's some kind of 'prevention' by VeriSign.

So I tried to export many sites' certs, and I learned that some sites' certs
contain a valid cert.

Therefore, does somebody know a site that sold a valid cert?

Ken Schaefer

2006-06-30, 9:47 pm

What are the OIDs for the certificate for "www.yourdomain.com"?

Surely it can only be used for Server Authentication (and similar), not for
signing other certificates?

Cheers
Ken

<heingray@gmail.com> wrote in message
news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
> I tried it until yesterday.
>
> I think I have almost succeeded.
>
> It's so easy. Set openssl SSLCACertificateFile to VeriSign's one.
>
> The cert tree appears as follows.
>
> VeriSign Class 3 Public Primary CA
> |
> ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> |
> ----->www.yourdomain.com
> |
> -----> NewOne.com
>
> But the file www.yourdomain.com contains an expired cert (CPS
> incorp..blah)
>
> I think it's some kind of 'prevention' by VeriSign.
>
> So I tried to export many sites' certs, and I learned that some sites' certs
> contain a valid cert.
>
> Therefore, does somebody know a site that sold a valid cert?
>



heingray@gmail.com

2006-07-02, 7:48 pm

How can I classify it?

Every cert is not rejected when I sign with openssl, even if
that does not work.

I found a simple solution to it. Just click the lock icon, export
the current level cert to a file and click the exported file.

You will meet some kind of error (usually the root CA doesn't show up)
or a valid one but almost expired.

Try https://verisign.com

However, I cannot classify the OID that you said.

Could you help me find that out?

Thanks in advance.

Ken Schaefer wrote:
> What are the OIDs for the certificate for "www.yourdomain.com"?
>
> Surely it can only be used for Server Authentication (and similar), not for
> signing other certificates?
>
> Cheers
> Ken
>
> <heingray@gmail.com> wrote in message
> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...

Ken Schaefer

2006-07-02, 11:18 pm

The purposes that a certificate can be used for are determined by the
issuing CA. If a certificate is issued for server-authentication, you can't
use it for other purposes. The OIDs for a certificate are available via the
Certificate Manager MMC snap-in (Start -> Run -> certmgr.msc).

Cheers
Ken

<heingray@gmail.com> wrote in message
news:1151887684.962681.123840@h44g2000cwa.googlegroups.com...
> How can I classify it?
>
> Every cert is not rejected when I sign with openssl, even if
> that does not work.
>
> I found a simple solution to it. Just click the lock icon, export
> the current level cert to a file and click the exported file.
>
> You will meet some kind of error (usually the root CA doesn't show up)
> or a valid one but almost expired.
>
> Try https://verisign.com
>
> However, I cannot classify the OID that you said.
>
> Could you help me find that out?
>
> Thanks in advance.
>
> Ken Schaefer wrote:
>
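
Added example (not part of the original thread): why signing with a server certificate's key "is not rejected" by openssl, yet the resulting certificate fails path validation. All names, keys and extension settings below are constructed for the demo; it builds a throwaway root, a server-only certificate under it, signs a second certificate with the server certificate's key, and then runs `openssl verify`.

```shell
#!/bin/sh
# Added demo: constructed names, throwaway keys; requires the openssl CLI.
# Prints: sign=<ok|fail> leaf=<ok|fail> chain=<ok|rejected>
leaf_as_issuer_demo() {
  d=$(mktemp -d) || return 2
  (
    cd "$d" || exit 2
    cat > x.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # Root CA, then a server certificate issued by it (CA:FALSE, serverAuth).
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.pem \
      -days 30 -subj "/CN=Demo Root CA" -config x.cnf -extensions v3_ca 2>/dev/null || exit 2
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=www.example.test" -config x.cnf 2>/dev/null || exit 2
    openssl x509 -req -in leaf.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -out leaf.pem -days 30 -extfile x.cnf -extensions v3_leaf 2>/dev/null || exit 2
    # Sign a second certificate with the server certificate's key: the tool
    # only checks that key and certificate match, so this step succeeds.
    openssl req -new -newkey rsa:2048 -nodes -keyout new.key -out new.csr \
      -subj "/CN=newone.example.test" -config x.cnf 2>/dev/null || exit 2
    sign=fail
    openssl x509 -req -in new.csr -CA leaf.pem -CAkey leaf.key -CAcreateserial \
      -out new.pem -days 30 -extfile x.cnf -extensions v3_leaf 2>/dev/null && sign=ok
    # Path validation: leaf under root is fine, leaf acting as issuer is not.
    leaf=fail
    openssl verify -CAfile root.pem leaf.pem >/dev/null 2>&1 && leaf=ok
    chain=ok
    out=$(openssl verify -CAfile root.pem -untrusted leaf.pem new.pem 2>&1) || chain=rejected
    echo "sign=$sign leaf=$leaf chain=$chain"
    printf '%s\n' "$out" | grep -i 'invalid CA' >&2   # reason reported by verify
    exit 0
  )
  rc=$?; rm -rf "$d"; return "$rc"
}

leaf_as_issuer_demo
```

The rejection comes from Basic Constraints `CA:FALSE` (and the absent `keyCertSign` key usage) on the issuing certificate, which `openssl x509 -req` does not check but path validation does.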



heingray@gmail.com

2006-07-03, 8:40 pm

I understand what you say.

But I'm talking about non-root CA signing.

I can make a cert from a non-permitted cert.

There are some limitations.

1. The original cert must use an intermediate (cert chain);
a single-root cert does not work.

2. The original cert must be valid when I double-click it
in Windows.

Example:
expired one: http://user.chol.com/~mirror/t1.cer
valid one: http://user.chol.com/~mirror/t2.cer

Thanks in advance.

Ken Schaefer wrote:
> The purposes that a certificate can be used for are determined by the
> issuing CA. If a certificate is issued for server-authentication, you can't
> use it for other purposes. The OIDs for a certificate are available via the
> Certificate Manager MMC snap-in (Start -> Run -> certmgr.msc).
>
> Cheers
> Ken
>
> <heingray@gmail.com> wrote in message
> news:1151887684.962681.123840@h44g2000cwa.googlegroups.com...

Copyright 2003 - 2008 webservertalk.com