[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: RE: output certificate from CA
From: todd.wiersema () lmco ! com
Date: 2000-04-30 2:00:10
[Download RAW message or body]
When you say output, do you mean you want a copy of the certificate?
If so, /usr/local/ssl/lib/openssl.cnf specifies the location the
certificates are stored named by serial number.
new_certs_dir = $dir/newcerts # default place for new certs.
Can't you just copy the file?
# for serial number 04
cp ../newcerts/04.pem www-99-cert.pem
Did you mean you want a different certificate with the same common name? If
so , it is necessary to revoke the original certificate. This might be
necessary if there was a mistake in the request or the certificate's private
key was compromised.
####
# Revoke certificate if there is a mistake
####
# for serial number 04
cp ../newcerts/04.pem www-99-cert.pem
openssl ca -revoke www-99-cert.pem
Did I answer your question?
Todd Wiersema
todd@wiersema.net <mailto:todd@wiersema.net>
-----Original Message-----
From: Colin Chalmers [mailto:Colin.Chalmers@maxware.nl]
Sent: Friday, April 28, 2000 3:52 AM
To: openssl-users@openssl.org
Subject: output certificate from CA
Hi,
I've just starten playing about with openssl and have a question regarding
the CA.
I would like to output a certificate to a file that I already have in my CA
database. Unfortunately I only see how I can do this when I give the request
with all the info, then I get the answer that the certificate already exists
and will not be processed/output.
Is it not possible to give for example the serial number of the certificate
to export?
Any tips/ideas appreciated.
Met vriendelijke groet,
Colin Chalmers
Snr. Project Engineer
maXware
MaXware Benelux BV
Burg.Stramanweg 105F, 1101 AA Amsterdam
Tel: +31(0)20 4529650, Fax: +31(0)20 4529161
E-mail: Colin.Chalmers@maxware.nl <mailto:Colin.Chalmers@maxware.nl>
Web: www.maxware.nl <http://www.maxware.nl>
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META content="MSHTML 5.00.2314.1000" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV> </DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>When
you say output, do you mean you want a copy of the
certificate?</SPAN></FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>If so,
/usr/local/ssl/lib/openssl.cnf specifies the location the certificates are
stored named by serial number.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000>new_certs_dir =
$dir/newcerts # default place
for new certs.<BR></SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>Can't
you just copy the file? </SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000># for
serial number 04</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>cp
../newcerts/04.pem www-99-cert.pem </SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>Did
you mean you want a different certificate with the same common name? If so
, it is necessary to revoke the original certificate. This might be
necessary if there was a mistake in the request or the certificate's private key
was compromised.</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2>####<BR># Revoke certificate if there
is a mistake<BR>####</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><FONT color=#0000ff face=Arial
size=2><SPAN class=290573903-30042000># for serial number
04</SPAN></FONT></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2>cp ../newcerts/04.pem
www-99-cert.pem </FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2>openssl ca -revoke www-99-cert.pem
</FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>Did I
answer your question?</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000>Todd
Wiersema</SPAN></FONT></DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000></SPAN></FONT> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN class=290573903-30042000><A
href="mailto:todd@wiersema.net">todd@wiersema.net</A></SPAN></FONT></DIV>
<DIV> </DIV>
<DIV><FONT color=#0000ff face=Arial size=2><SPAN
class=290573903-30042000> </DIV></SPAN></FONT>
<BLOCKQUOTE style="MARGIN-RIGHT: 0px">
<DIV align=left class=OutlookMessageHeader dir=ltr><FONT face=Tahoma
size=2>-----Original Message-----<BR><B>From:</B> Colin Chalmers
[mailto:Colin.Chalmers@maxware.nl]<BR><B>Sent:</B> Friday, April 28, 2000 3:52
AM<BR><B>To:</B> openssl-users@openssl.org<BR><B>Subject:</B> output
certificate from CA<BR><BR></DIV></FONT>
<DIV><FONT face=Garamond>Hi,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Garamond>I've just starten playing about with openssl and have
a question regarding the CA.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Garamond>I would like to output a certificate to a file that I
already have in my CA database. Unfortunately I only see how I can do this
when I give the request with all the info, then I get the answer that the
certificate already exists and will not be processed/output.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Garamond>Is it not possible to give for example the serial
number of the certificate to export?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Garamond>Any tips/ideas appreciated.</FONT></DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV><FONT face=Garamond>Met vriendelijke groet,</FONT> <BR> <BR>
<P><FONT face=Garamond>Colin Chalmers</FONT> <BR><FONT face=Garamond>Snr.
Project Engineer</FONT>
<CENTER>
<P><B><I><FONT face=Verdana><FONT color=#000080>ma</FONT><FONT
color=#008080>X</FONT><FONT color=#000080>ware</FONT></FONT></I></B>
<BR><B><I><FONT face=Verdana><FONT color=#000080><FONT size=-2>MaXware Benelux
BV</FONT></FONT></FONT></I></B> <BR><B><I><FONT face=Verdana><FONT
color=#000080><FONT size=-2>Burg.Stramanweg 105F, 1101 AA
Amsterdam</FONT></FONT></FONT></I></B> <BR><B><FONT face=Verdana><FONT
color=#000080><FONT size=-2>Tel: +31(0)20 4529650, Fax: +31(0)20
4529161</FONT></FONT></FONT></B> <BR><B><FONT face=Verdana><FONT size=-2><FONT
color=#000080>E-mail:</FONT><A
href="mailto:Colin.Chalmers@maxware.nl">Colin.Chalmers@maxware.nl</A></FONT></FONT></B>
<BR><B><FONT face=Verdana><FONT size=-2><FONT color=#000080>Web: </FONT><A
href="http://www.maxware.nl">www.maxware.nl</A></FONT></FONT></B></CENTER><BR><B><FONT
face="Century Gothic"><FONT color=#000080><FONT
size=-2></FONT></FONT></FONT></B> </P></DIV></BLOCKQUOTE></BODY></HTML>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic