Can I make a personal SSL cert from VeriSign's one?

Author
30 Jun 2006 7:36 AM
heingray
I tried it until yesterday.

I think I've almost succeeded.

It's so easy: set openssl SSLCACertificateFile to VeriSign's one.

The cert tree appears as follows.

VeriSign Class 3 Public Primary CA
|
---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
   |
   ----->www.yourdomain.com
        |
        -----> NewOne.com

But the file www.yourdomain.com contains an expired cert (CPS
incorp..blah)

I think it's some kind of 'prevention' by VeriSign.

So I tried to export many sites' certs, and I learned that some sites'
certs contain a valid cert.

Therefore, does somebody know a site that sold a valid cert?

Author
1 Jul 2006 2:47 AM
Ken Schaefer
What are the OIDs for the certificate for "www.yourdomain.com"?

Surely it can only be used for Server Authentication (and similar), not for
signing other certificates?

Cheers
Ken

Author
3 Jul 2006 12:48 AM
heingray
How can I classify it?

No cert is rejected when I'm signing with openssl, even if
that does not work.

I found a simple solution for it: just click the lock icon, export
the current-level cert to a file, and click the exported file.

You will meet some kind of error (usually the root CA doesn't show up)
or a valid one that is almost expired.

Try https://verisign.com

However, I cannot classify the OID that you mentioned.

Could you help me find that out?

Thanks in advance.

Author
3 Jul 2006 4:18 AM
Ken Schaefer
The purposes that a certificate can be used for are determined by the
issuing CA. If a certificate is issued for server-authentication, you can't
use it for other purposes. The OIDs for a certificate are available via the
Certificate Manager MMC snap-in (Start -> Run -> certmgr.msc).

Cheers
Ken
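
Added example, not part of the original thread: it reproduces the situation discussed above with locally generated test certificates, showing that openssl will sign with a server certificate's key but a verifier rejects the resulting chain because the issuer lacks basicConstraints CA:TRUE. All names, files and helper functions (mkcert, build_demo_chain, can_sign_certs, chain_verifies) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed demo: every key, name and certificate here is generated locally.

# mkcert DIR NAME CN EXTFILE [ISSUER]: issue NAME.pem, self-signed if ISSUER is omitted.
mkcert() {
    local d=$1 n=$2 cn=$3 ext=$4 issuer=${5:-}
    openssl req -new -newkey rsa:2048 -nodes -config "$d/req.cnf" -subj "/CN=$cn" \
        -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    if [ -z "$issuer" ]; then
        openssl x509 -req -in "$d/$n.csr" -signkey "$d/$n.key" -days 30 \
            -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
    else
        openssl x509 -req -in "$d/$n.csr" -CA "$d/$issuer.pem" -CAkey "$d/$issuer.key" \
            -CAcreateserial -days 30 -extfile "$ext" -out "$d/$n.pem" 2>/dev/null
    fi
}

# build_demo_chain DIR: root CA -> server cert (CA:FALSE) -> cert signed with the server cert's key.
build_demo_chain() {
    local d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n' > "$d/req.cnf"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    printf 'basicConstraints=critical,CA:FALSE\nextendedKeyUsage=serverAuth\n' > "$d/leaf.ext"
    # The third call succeeds: signing does not check whether the issuer is allowed to sign.
    mkcert "$d" root  'Demo Root CA'           "$d/ca.ext" &&
    mkcert "$d" leaf  'www.yourdomain.example' "$d/leaf.ext" root &&
    mkcert "$d" child 'newone.example'         "$d/leaf.ext" leaf
}

# can_sign_certs FILE: succeeds only if the certificate carries basicConstraints CA:TRUE.
can_sign_certs() {
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# chain_verifies ROOT TARGET [INTERMEDIATE]: succeeds only if openssl verify reports OK.
chain_verifies() {
    openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

demo=$(mktemp -d) && build_demo_chain "$demo" && {
    can_sign_certs "$demo/leaf.pem" || echo "leaf: no CA:TRUE, not allowed to issue certificates"
    chain_verifies "$demo/root.pem" "$demo/leaf.pem" && echo "root -> leaf: verifies"
    chain_verifies "$demo/root.pem" "$demo/child.pem" "$demo/leaf.pem" ||
        echo "root -> leaf -> child: rejected by the verifier"
}
rm -rf "$demo"
```

The same extensions are what certmgr.msc shows under Basic Constraints and Enhanced Key Usage on a certificate's Details tab.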

Author
4 Jul 2006 1:40 AM
heingray
I understand what you say.

But I'm talking about non-root CA signing.

I can make a cert from a non-permitted cert.

There are some limitations.

1. The original cert must use an intermediate (cert chain);
a single-root cert does not work.

2. The original cert must be valid when I double-click it
in Windows.

Example:
expired one: http://user.chol.com/~mirror/t1.cer
valid one: http://user.chol.com/~mirror/t2.cer

thanks in advance.
