* [9fans] multiple certs
@ 2004-03-31 22:11 Brantley Coile
2004-04-01 0:51 ` bs
2004-04-01 13:20 ` Russ Cox
0 siblings, 2 replies; 8+ messages in thread
From: Brantley Coile @ 2004-03-31 22:11 UTC (permalink / raw)
To: 9fans
So, maybe I missed it. Did anyone have a suggestion
on how to send a certificate chain in tlssrv?
Brantley
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-03-31 22:11 [9fans] multiple certs Brantley Coile
@ 2004-04-01 0:51 ` bs
2004-04-01 0:54 ` Brantley Coile
2004-04-01 13:20 ` Russ Cox
1 sibling, 1 reply; 8+ messages in thread
From: bs @ 2004-04-01 0:51 UTC (permalink / raw)
To: 9fans
Brantley Coile wrote:
> So, maybe I missed it. Did anyone have a suggestion
> on how to send a certificate chain in tlssrv?
>
I don't think it can do certs as you see it.
What you can do is send the fingerprint of your cert,
which it can lookup and authorize.
This is similar to what some telnet clients do:
(a) someone must have had the authorization to the
fp on the server
(b) you are presenting me with that, so, you are OK
http://www.vandyke.com/products/securecrt/public_key.html
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-04-01 0:51 ` bs
@ 2004-04-01 0:54 ` Brantley Coile
2004-04-01 2:10 ` bs
2004-04-01 2:14 ` bs
0 siblings, 2 replies; 8+ messages in thread
From: Brantley Coile @ 2004-04-01 0:54 UTC (permalink / raw)
To: 9fans
> Brantley Coile wrote:
>> So, maybe I missed it. Did anyone have a suggestion
>> on how to send a certificate chain in tlssrv?
>>
> I don't think it can do certs as you see it.
>
> What you can do is send the fingerprint of your cert,
> which it can lookup and authorize.
I want to do https without having the browser fuss.
How can figerprints help with that?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-04-01 0:54 ` Brantley Coile
@ 2004-04-01 2:10 ` bs
2004-04-01 2:14 ` bs
1 sibling, 0 replies; 8+ messages in thread
From: bs @ 2004-04-01 2:10 UTC (permalink / raw)
To: 9fans
Brantley Coile wrote:
>>Brantley Coile wrote:
>>
>>>So, maybe I missed it. Did anyone have a suggestion
>>>on how to send a certificate chain in tlssrv?
>>>
>>
>>I don't think it can do certs as you see it.
>>
>>What you can do is send the fingerprint of your cert,
>>which it can lookup and authorize.
>
>
> I want to do https without having the browser fuss.
> How can figerprints help with that?
>
I misunderstood: I assumed that you wanted the server
(https) to validate a clients cert. Fingerprints cannot
help you there.
I don't know this https server to tell you how to make it
present the cert chain.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-04-01 0:54 ` Brantley Coile
2004-04-01 2:10 ` bs
@ 2004-04-01 2:14 ` bs
1 sibling, 0 replies; 8+ messages in thread
From: bs @ 2004-04-01 2:14 UTC (permalink / raw)
To: 9fans
Brantley Coile wrote:
>>Brantley Coile wrote:
>>
>>>So, maybe I missed it. Did anyone have a suggestion
>>>on how to send a certificate chain in tlssrv?
>>>
>>
>>I don't think it can do certs as you see it.
>>
>>What you can do is send the fingerprint of your cert,
>>which it can lookup and authorize.
>
>
> I want to do https without having the browser fuss.
> How can figerprints help with that?
>
If your browser is like Mozilla/Netscape, you can import
the server cert as a .pem file. So, if you know the cert it
presents, you can make the browser aware of it.
Simplest is to issue a self signed cert and import it
in the browser.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-03-31 22:11 [9fans] multiple certs Brantley Coile
2004-04-01 0:51 ` bs
@ 2004-04-01 13:20 ` Russ Cox
2004-04-01 13:38 ` Brantley Coile
2004-04-01 14:28 ` boyd, rounin
1 sibling, 2 replies; 8+ messages in thread
From: Russ Cox @ 2004-04-01 13:20 UTC (permalink / raw)
To: 9fans
Brantley Coile wrote:
>So, maybe I missed it. Did anyone have a suggestion
>on how to send a certificate chain in tlssrv?
>
>
use the source, luke.
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-04-01 13:20 ` Russ Cox
@ 2004-04-01 13:38 ` Brantley Coile
2004-04-01 14:28 ` boyd, rounin
1 sibling, 0 replies; 8+ messages in thread
From: Brantley Coile @ 2004-04-01 13:38 UTC (permalink / raw)
To: 9fans
> Brantley Coile wrote:
>
>>So, maybe I missed it. Did anyone have a suggestion
>>on how to send a certificate chain in tlssrv?
>>
>>
>
> use the source, luke.
I am.
Can I just decode the pem, stick all the certs together and turn
them back into a pem and point tlssrv at that?
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [9fans] multiple certs
2004-04-01 13:20 ` Russ Cox
2004-04-01 13:38 ` Brantley Coile
@ 2004-04-01 14:28 ` boyd, rounin
1 sibling, 0 replies; 8+ messages in thread
From: boyd, rounin @ 2004-04-01 14:28 UTC (permalink / raw)
To: 9fans
> use the source, luke.
as one with the knowledge and magic of the source.
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2004-04-01 14:28 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2004-03-31 22:11 [9fans] multiple certs Brantley Coile
2004-04-01 0:51 ` bs
2004-04-01 0:54 ` Brantley Coile
2004-04-01 2:10 ` bs
2004-04-01 2:14 ` bs
2004-04-01 13:20 ` Russ Cox
2004-04-01 13:38 ` Brantley Coile
2004-04-01 14:28 ` boyd, rounin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).