[9fans] cert signing request

[9fans] cert signing request

[Skip Tavakkolian]

is there a way to generate a csr with auth tools?
(i.e, equiv. to 'openssl req -new ...')

Re: [9fans] cert signing request

[Felipe Bichued]

Hello,

As far as I know libsec still doesn't know how to write x509.

There is more information about it in the archives.

Regards.

On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
> is there a way to generate a csr with auth tools?
> (i.e, equiv. to 'openssl req -new ...')
>
>


--
Felipe

Re: [9fans] cert signing request

[Benn Newman]

fgb has openssl in his contrib. I don't know if it works, though.

Felipe Bichued said:
> Hello,
>
> As far as I know libsec still doesn't know how to write x509.
>
> There is more information about it in the archives.
>
> Regards.
>
> On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
>> is there a way to generate a csr with auth tools?
>> (i.e, equiv. to 'openssl req -new ...')
>>
>>
>
>
> --
> Felipe
>
-- 
Benn Newman

Re: [9fans] cert signing request

[Skip Tavakkolian]

> fgb has openssl in his contrib. I don't know if it works, though.

yep. that seems to work. thanks.

Re: [9fans] cert signing request

[Charles Forsyth]

> As far as I know libsec still doesn't know how to write x509.

rsa(8) has rsa2x509 and an example
          Generate a fresh key and use it to start a TLS-enabled web
          server:

               auth/rsagen -t 'service=tls owner=*' >key
               auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
                    auth/pemencode CERTIFICATE >cert
               cat key >/mnt/factotum/ctl
               ip/httpd/httpd -c cert

Re: [9fans] cert signing request

[Gabriel Diaz]

[-- Attachment #1: Type: text/plain, Size: 745 bytes --]

hello

i think this doesn't work if you want to ask Verisign to sign your request,
isn't it?, but i think libsec has almost all the code to build a request as
in rfc2511 :-? am i wrong?

slds.

gabi



On 1/9/07, Charles Forsyth <forsyth@terzarima.net> wrote:
>
> > As far as I know libsec still doesn't know how to write x509.
>
> rsa(8) has rsa2x509 and an example
>          Generate a fresh key and use it to start a TLS-enabled web
>          server:
>
>               auth/rsagen -t 'service=tls owner=*' >key
>               auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
>                    auth/pemencode CERTIFICATE >cert
>               cat key >/mnt/factotum/ctl
>               ip/httpd/httpd -c cert
>

[-- Attachment #2: Type: text/html, Size: 1637 bytes --]

Re: [9fans] cert signing request

[Gabriel Diaz]

[-- Attachment #1: Type: text/plain, Size: 1191 bytes --]

hello

a quick look in /sys/src/libsec/port/x509.c shows

uchar*
X509req(RSApriv *priv, char *subj, int *certlen)
{
 /* RFC 2314, PKCS #10 Certification Request Syntax */

so it is done already, at least using the RSA lab way :)
(the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )

slds.

gabi



On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
>
> hello
>
> i think this doesn't work if you want to ask Verisign to sign your
> request, isn't it?, but i think libsec has almost all the code to build a
> request as in rfc2511 :-? am i wrong?
>
> slds.
>
> gabi
>
>
>
> On 1/9/07, Charles Forsyth <forsyth@terzarima.net> wrote:
> >
> > > As far as I know libsec still doesn't know how to write x509.
> >
> > rsa(8) has rsa2x509 and an example
> >          Generate a fresh key and use it to start a TLS-enabled web
> >          server:
> >
> >               auth/rsagen -t 'service=tls owner=*' >key
> >               auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
> >                    auth/pemencode CERTIFICATE >cert
> >               cat key >/mnt/factotum/ctl
> >               ip/httpd/httpd -c cert
> >
>
>

[-- Attachment #2: Type: text/html, Size: 2693 bytes --]

Re: [9fans] cert signing request

[Charles Forsyth]

>i think this doesn't work if you want to ask Verisign to sign your request,

whenever i've been forced to use Verisad, they provide the public key as well.

Re: [9fans] cert signing request

[Felipe Bichued]

I saw that but totally forgot to check if auth tools made any use of it.

Seems like what Skip wants is auth/rsa2csr.

Sorry for the earlier noise.

On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> hello
>
> a quick look in /sys/src/libsec/port/x509.c shows
>
> uchar*
> X509req(RSApriv *priv, char *subj, int *certlen)
> {
>  /* RFC 2314, PKCS #10 Certification Request Syntax */
>
> so it is done already, at least using the RSA lab way :)
> (the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )
>
> slds.
>
> gabi
>
>
>
>
> On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> >
> > hello
> >
> > i think this doesn't work if you want to ask Verisign to sign your
> request, isn't it?, but i think libsec has almost all the code to build a
> request as in rfc2511 :-? am i wrong?
> >
> > slds.
> >
> > gabi
> >
> >
> >
> >
> > On 1/9/07, Charles Forsyth <forsyth@terzarima.net > wrote:
> > > > As far as I know libsec still doesn't know how to write x509.
> > >
> > > rsa(8) has rsa2x509 and an example
> > >          Generate a fresh key and use it to start a TLS-enabled web
> > >          server:
> > >
> > >               auth/rsagen -t 'service=tls owner=*' >key
> > >               auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
> > >                    auth/pemencode CERTIFICATE >cert
> > >               cat key >/mnt/factotum/ctl
> > >               ip/httpd/httpd -c cert
> > >
> >
> >
>
>


--
Felipe

Re: [9fans] cert signing request

[Skip Tavakkolian]

> Seems like what Skip wants is auth/rsa2csr.

i totally missed it.  teaches me to just look at man pages.  thanks.

it didn't always live in auth/

cpu% auth/rsa2csr
usage: aux/rsa2csr 'C=US ...CN=xxx' [key]cpu%