* [9fans] cert signing request
@ 2007-01-09 0:26 Skip Tavakkolian
2007-01-09 1:03 ` Felipe Bichued
0 siblings, 1 reply; 10+ messages in thread
From: Skip Tavakkolian @ 2007-01-09 0:26 UTC (permalink / raw)
To: 9fans
is there a way to generate a csr with auth tools?
(i.e, equiv. to 'openssl req -new ...')
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 0:26 [9fans] cert signing request Skip Tavakkolian
@ 2007-01-09 1:03 ` Felipe Bichued
2007-01-09 3:13 ` Benn Newman
0 siblings, 1 reply; 10+ messages in thread
From: Felipe Bichued @ 2007-01-09 1:03 UTC (permalink / raw)
To: 9fans
Hello,
As far as I know libsec still doesn't know how to write x509.
There is more information about it in the archives.
Regards.
On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
> is there a way to generate a csr with auth tools?
> (i.e, equiv. to 'openssl req -new ...')
>
>
--
Felipe
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 1:03 ` Felipe Bichued
@ 2007-01-09 3:13 ` Benn Newman
2007-01-09 4:10 ` Skip Tavakkolian
2007-01-09 8:32 ` Charles Forsyth
0 siblings, 2 replies; 10+ messages in thread
From: Benn Newman @ 2007-01-09 3:13 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
fgb has openssl in his contrib. I don't know if it works, though.
Felipe Bichued said:
> Hello,
>
> As far as I know libsec still doesn't know how to write x509.
>
> There is more information about it in the archives.
>
> Regards.
>
> On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
>> is there a way to generate a csr with auth tools?
>> (i.e, equiv. to 'openssl req -new ...')
>>
>>
>
>
> --
> Felipe
>
--
Benn Newman
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 3:13 ` Benn Newman
@ 2007-01-09 4:10 ` Skip Tavakkolian
2007-01-09 8:32 ` Charles Forsyth
1 sibling, 0 replies; 10+ messages in thread
From: Skip Tavakkolian @ 2007-01-09 4:10 UTC (permalink / raw)
To: 9fans
> fgb has openssl in his contrib. I don't know if it works, though.
yep. that seems to work. thanks.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 3:13 ` Benn Newman
2007-01-09 4:10 ` Skip Tavakkolian
@ 2007-01-09 8:32 ` Charles Forsyth
2007-01-09 8:44 ` Gabriel Diaz
1 sibling, 1 reply; 10+ messages in thread
From: Charles Forsyth @ 2007-01-09 8:32 UTC (permalink / raw)
To: 9fans
> As far as I know libsec still doesn't know how to write x509.
rsa(8) has rsa2x509 and an example
Generate a fresh key and use it to start a TLS-enabled web
server:
auth/rsagen -t 'service=tls owner=*' >key
auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
auth/pemencode CERTIFICATE >cert
cat key >/mnt/factotum/ctl
ip/httpd/httpd -c cert
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 8:32 ` Charles Forsyth
@ 2007-01-09 8:44 ` Gabriel Diaz
2007-01-09 8:56 ` Gabriel Diaz
2007-01-09 9:35 ` Charles Forsyth
0 siblings, 2 replies; 10+ messages in thread
From: Gabriel Diaz @ 2007-01-09 8:44 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
[-- Attachment #1: Type: text/plain, Size: 745 bytes --]
hello
i think this doesn't work if you want to ask Verisign to sign your request,
isn't it?, but i think libsec has almost all the code to build a request as
in rfc2511 :-? am i wrong?
slds.
gabi
On 1/9/07, Charles Forsyth <forsyth@terzarima.net> wrote:
>
> > As far as I know libsec still doesn't know how to write x509.
>
> rsa(8) has rsa2x509 and an example
> Generate a fresh key and use it to start a TLS-enabled web
> server:
>
> auth/rsagen -t 'service=tls owner=*' >key
> auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
> auth/pemencode CERTIFICATE >cert
> cat key >/mnt/factotum/ctl
> ip/httpd/httpd -c cert
>
[-- Attachment #2: Type: text/html, Size: 1637 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 8:44 ` Gabriel Diaz
@ 2007-01-09 8:56 ` Gabriel Diaz
2007-01-09 10:59 ` Felipe Bichued
2007-01-09 9:35 ` Charles Forsyth
1 sibling, 1 reply; 10+ messages in thread
From: Gabriel Diaz @ 2007-01-09 8:56 UTC (permalink / raw)
To: Fans of the OS Plan 9 from Bell Labs
[-- Attachment #1: Type: text/plain, Size: 1191 bytes --]
hello
a quick look in /sys/src/libsec/port/x509.c shows
uchar*
X509req(RSApriv *priv, char *subj, int *certlen)
{
/* RFC 2314, PKCS #10 Certification Request Syntax */
so it is done already, at least using the RSA lab way :)
(the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )
slds.
gabi
On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
>
> hello
>
> i think this doesn't work if you want to ask Verisign to sign your
> request, isn't it?, but i think libsec has almost all the code to build a
> request as in rfc2511 :-? am i wrong?
>
> slds.
>
> gabi
>
>
>
> On 1/9/07, Charles Forsyth <forsyth@terzarima.net> wrote:
> >
> > > As far as I know libsec still doesn't know how to write x509.
> >
> > rsa(8) has rsa2x509 and an example
> > Generate a fresh key and use it to start a TLS-enabled web
> > server:
> >
> > auth/rsagen -t 'service=tls owner=*' >key
> > auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
> > auth/pemencode CERTIFICATE >cert
> > cat key >/mnt/factotum/ctl
> > ip/httpd/httpd -c cert
> >
>
>
[-- Attachment #2: Type: text/html, Size: 2693 bytes --]
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 8:44 ` Gabriel Diaz
2007-01-09 8:56 ` Gabriel Diaz
@ 2007-01-09 9:35 ` Charles Forsyth
1 sibling, 0 replies; 10+ messages in thread
From: Charles Forsyth @ 2007-01-09 9:35 UTC (permalink / raw)
To: 9fans
>i think this doesn't work if you want to ask Verisign to sign your request,
whenever i've been forced to use Verisad, they provide the public key as well.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 8:56 ` Gabriel Diaz
@ 2007-01-09 10:59 ` Felipe Bichued
2007-01-09 16:17 ` Skip Tavakkolian
0 siblings, 1 reply; 10+ messages in thread
From: Felipe Bichued @ 2007-01-09 10:59 UTC (permalink / raw)
To: 9fans
I saw that but totally forgot to check if auth tools made any use of it.
Seems like what Skip wants is auth/rsa2csr.
Sorry for the earlier noise.
On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> hello
>
> a quick look in /sys/src/libsec/port/x509.c shows
>
> uchar*
> X509req(RSApriv *priv, char *subj, int *certlen)
> {
> /* RFC 2314, PKCS #10 Certification Request Syntax */
>
> so it is done already, at least using the RSA lab way :)
> (the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )
>
> slds.
>
> gabi
>
>
>
>
> On 1/9/07, Gabriel Diaz <gabidiaz@gmail.com> wrote:
> >
> > hello
> >
> > i think this doesn't work if you want to ask Verisign to sign your
> request, isn't it?, but i think libsec has almost all the code to build a
> request as in rfc2511 :-? am i wrong?
> >
> > slds.
> >
> > gabi
> >
> >
> >
> >
> > On 1/9/07, Charles Forsyth <forsyth@terzarima.net > wrote:
> > > > As far as I know libsec still doesn't know how to write x509.
> > >
> > > rsa(8) has rsa2x509 and an example
> > > Generate a fresh key and use it to start a TLS-enabled web
> > > server:
> > >
> > > auth/rsagen -t 'service=tls owner=*' >key
> > > auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
> > > auth/pemencode CERTIFICATE >cert
> > > cat key >/mnt/factotum/ctl
> > > ip/httpd/httpd -c cert
> > >
> >
> >
>
>
--
Felipe
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [9fans] cert signing request
2007-01-09 10:59 ` Felipe Bichued
@ 2007-01-09 16:17 ` Skip Tavakkolian
0 siblings, 0 replies; 10+ messages in thread
From: Skip Tavakkolian @ 2007-01-09 16:17 UTC (permalink / raw)
To: 9fans
> Seems like what Skip wants is auth/rsa2csr.
i totally missed it. teaches me to just look at man pages. thanks.
it didn't always live in auth/
cpu% auth/rsa2csr
usage: aux/rsa2csr 'C=US ...CN=xxx' [key]cpu%
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2007-01-09 16:17 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-01-09 0:26 [9fans] cert signing request Skip Tavakkolian
2007-01-09 1:03 ` Felipe Bichued
2007-01-09 3:13 ` Benn Newman
2007-01-09 4:10 ` Skip Tavakkolian
2007-01-09 8:32 ` Charles Forsyth
2007-01-09 8:44 ` Gabriel Diaz
2007-01-09 8:56 ` Gabriel Diaz
2007-01-09 10:59 ` Felipe Bichued
2007-01-09 16:17 ` Skip Tavakkolian
2007-01-09 9:35 ` Charles Forsyth
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).