From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: Date: Tue, 9 Jan 2007 08:59:04 -0200 From: "Felipe Bichued" To: 9fans@cse.psu.edu Subject: Re: [9fans] cert signing request In-Reply-To: <82c890d00701090056g34428d74pf550de61680e043d@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <39355.66.222.64.178.1168312418.squirrel@66.222.64.178> <82c890d00701090044u684ad3bfs78d2381dbca2523@mail.gmail.com> <82c890d00701090056g34428d74pf550de61680e043d@mail.gmail.com> Topicbox-Message-UUID: ffb706f4-ead1-11e9-9d60-3106f5b1d025 I saw that but totally forgot to check if auth tools made any use of it. Seems like what Skip wants is auth/rsa2csr. Sorry for the earlier noise. On 1/9/07, Gabriel Diaz wrote: > hello > > a quick look in /sys/src/libsec/port/x509.c shows > > uchar* > X509req(RSApriv *priv, char *subj, int *certlen) > { > /* RFC 2314, PKCS #10 Certification Request Syntax */ > > so it is done already, at least using the RSA lab way :) > (the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? ) > > slds. > > gabi > > > > > On 1/9/07, Gabriel Diaz wrote: > > > > hello > > > > i think this doesn't work if you want to ask Verisign to sign your > request, isn't it?, but i think libsec has almost all the code to build a > request as in rfc2511 :-? am i wrong? > > > > slds. > > > > gabi > > > > > > > > > > On 1/9/07, Charles Forsyth wrote: > > > > As far as I know libsec still doesn't know how to write x509. > > > > > > rsa(8) has rsa2x509 and an example > > > Generate a fresh key and use it to start a TLS-enabled web > > > server: > > > > > > auth/rsagen -t 'service=tls owner=*' >key > > > auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key | > > > auth/pemencode CERTIFICATE >cert > > > cat key >/mnt/factotum/ctl > > > ip/httpd/httpd -c cert > > > > > > > > > -- Felipe