Re: [pkix] RFC 5280 and example of a self signed end-entity certificate?

Yoav Nir <ynir.ietf@gmail.com> Sun, 20 November 2016 07:06 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/vBp2Ms9UgXrAhc_TszhvXkUb8-c>

> On 20 Nov 2016, at 8:56, Peter Gutmann <pgut001@cs.auckland.ac.nz> wrote:
> 
> Jeffrey Walton <noloader@gmail.com> writes:
> 
>> Does anyone know where I might find an example of a elf-signed end-entity
>> certificate?
> 
> By finding an elf and getting them to sign one for you?  Alternatively, if you
> want a *self*-signed EE cert, by signing one yourself?  Or am I missing
> something here…

I think you’re missing this:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

You can even skip the "-keyout key.pem" if you only need an example cert.  And you can add a "-outform DER" if you prefer it that way.

Yoav
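
Added example, not part of the original message: a non-interactive variant of the command above that sets basicConstraints to CA:FALSE explicitly (what "req -x509" puts there otherwise depends on the OpenSSL configuration in use), then checks that the result is self-signed and an end-entity certificate. The config file, the subject name example-ee.invalid and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a self-signed end-entity (EE) certificate and check it.
# File names, section names and the subject CN below are constructed.

make_self_signed_ee() {
    # $1 = output directory; writes ee.cnf, key.pem and cert.pem there.
    dir=$1
    cat > "$dir/ee.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = ee_ext
prompt             = no

[ dn ]
CN = example-ee.invalid

[ ee_ext ]
basicConstraints     = critical, CA:FALSE
subjectKeyIdentifier = hash
EOF
    # Same options as the command in the message, plus -config so that
    # nothing is prompted for and the extensions are the ones listed above.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$dir/ee.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
}

is_self_signed() {
    # $1 = certificate (PEM). Succeeds only if the issuer and subject names
    # hash to the same value AND the signature verifies under the
    # certificate's own public key (-check_ss_sig forces that check).
    cert=$1
    s=$(openssl x509 -in "$cert" -noout -subject_hash)
    i=$(openssl x509 -in "$cert" -noout -issuer_hash)
    [ "$s" = "$i" ] || return 1
    openssl verify -CAfile "$cert" -check_ss_sig "$cert" >/dev/null 2>&1
}

is_end_entity() {
    # $1 = certificate (PEM). Succeeds if basicConstraints carries CA:FALSE.
    openssl x509 -in "$1" -noout -text | grep -q 'CA:FALSE'
}

# Usage: generate into a fresh temporary directory and report the result.
tmp=$(mktemp -d)
make_self_signed_ee "$tmp" && is_self_signed "$tmp/cert.pem" \
    && is_end_entity "$tmp/cert.pem" \
    && echo "self-signed end-entity certificate: $tmp/cert.pem"
```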