Re: [saag] TLS signing request software other than openssl
Watson Ladd <watsonbladd@gmail.com> Sat, 27 April 2019 02:16 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB2DD1200B1 for <saag@ietfa.amsl.com>; Fri, 26 Apr 2019 19:16:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k649LmM8BbVU for <saag@ietfa.amsl.com>; Fri, 26 Apr 2019 19:16:24 -0700 (PDT)
Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4674C120086 for <saag@ietf.org>; Fri, 26 Apr 2019 19:16:24 -0700 (PDT)
Received: by mail-lj1-x22f.google.com with SMTP id p14so4579687ljg.5 for <saag@ietf.org>; Fri, 26 Apr 2019 19:16:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Hr1SiMCFiXIVFv9ZpOQqYJ0YKsdbejlG0GW7HAiGlog=; b=Qzo4dTB4jOKo4Qt4EWLSQv+HvMFSEQ4a0i3k4e4hO7hkFYeecPNplWXOr9xT3BRPdt UGkw/gSm4umVgZBH+qnYsHvVnpueRY1BQ3/EoMRuBWqA8MbWhgY4UPD6xdlR4eeeSHhf jltHgnzsH2TutV883nfaU1ifInCvY0tVfyF3Q3G40BFCF6VGCRa3ps8xUyglUQddB8qK QSoI9UjZBJuh9qf7MpUT5+KaMAoHf641vDW53wUwgbeI3ohkLV9fncgNLi4/Tw/P7B8m SELubtibdYafSGF1q9a+wDvZ9qSludOPVnwqt1tqASs/gY0FVHYTZm/qARUho2MKFFYg C05A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Hr1SiMCFiXIVFv9ZpOQqYJ0YKsdbejlG0GW7HAiGlog=; b=a9HG+gJj8fItzlVicUDmz1s5U5l7xfakHxRAUg14AgsB4iVcsVI82HCUaSR328eJlS iRHf9hJKEI+bEPFgF1g/C7C+WDbbvwyCBYLWFwMzgYnuubYmXwSRBwlew8DK5WzQ3FXI alkYZ45Bq/AriVo+rQMrFcwnUwO92ZuW51+E6Mo4Bu2tvjA9agFVr+8BUQ/pawA73Mix Sz/jzf1eg4TXGVLEQCRRU88X6kxBPr7yOOnLeR7m3buuf1W1OzTpHx0NJtLbxqeX68qk FoCNhbESoHY7/Y0ynRtzMVU6qtHr7RGFuQS/YgACK0dSntzmGettjFiDTGoPluYsRlPF 13IQ==
X-Gm-Message-State: APjAAAV+0+kCOnN7zTfrdzmx6pU4vaPutHn3SJFv+GqBopNsC+ZqEfDZ PJsWmTXlo5bEmlt1NB8gSQxObPWgtpRTipqu5pqTDiZJ
X-Google-Smtp-Source: APXvYqzLFoIdUMDq/8E4p6s+/PyllyPrzTYEb+h+a3+iNra/jR8W/CRxR61jOappEu9XCpE+Ujb7nb7QRXn/yY/t+OU=
X-Received: by 2002:a2e:7605:: with SMTP id r5mr5117472ljc.161.1556331382276; Fri, 26 Apr 2019 19:16:22 -0700 (PDT)
MIME-Version: 1.0
References: <20190425202212.4C6652012F0BD3@ary.qy> <1556243760613.77468@cs.auckland.ac.nz> <877832b0-4844-4421-b1f1-097eec9987a1@www.fastmail.com>
In-Reply-To: <877832b0-4844-4421-b1f1-097eec9987a1@www.fastmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Fri, 26 Apr 2019 19:16:10 -0700
Message-ID: <CACsn0ck_+y-O5upSjGf4xKqp4JH4uxR+XW8TiEjT7LVBjsm8Rg@mail.gmail.com>
To: Martin Thomson <mt@lowentropy.net>
Cc: IETF SAAG <saag@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/nygVF0LV3M1o2MGBQJr3cnX73g8>
Subject: Re: [saag] TLS signing request software other than openssl
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Apr 2019 02:16:27 -0000
I've always used https://github.com/cloudflare/cfssl at work (not surprisingly) and found it gets the job done. On Thu, Apr 25, 2019 at 7:40 PM Martin Thomson <mt@lowentropy.net> wrote: > > On Fri, Apr 26, 2019, at 11:56, Peter Gutmann wrote: > > https://csrgenerator.com/ > > That's probably OK, but it produces a private key in a context you don't want. Use it for demonstration purposes only. > > Add NSS `certutil -R` to the list. > > _______________________________________________ > saag mailing list > saag@ietf.org > https://www.ietf.org/mailman/listinfo/saag -- "Man is born free, but everywhere he is in chains". --Rousseau.
- Re: [saag] TLS signing request software other tha… Martin Thomson
- [saag] TLS signing request software other than op… John Levine
- Re: [saag] TLS signing request software other tha… Russ Housley
- Re: [saag] TLS signing request software other tha… Peter Gutmann
- Re: [saag] TLS signing request software other tha… Watson Ladd