How to Limit the Cert chain to some sepcified number...

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How to Limit the Cert chain to some sepcified number...

Usman Riaz
Hi All,
      I want to issue my customers certificate signed by my certificate (a self-signed certificate). I want to limit the issued certificate to not to act as a CA. I generated the Root CA on command-line via openssl, and the customer certs are generated dynamically by php script (that also uses openssl in the background). I would like to specify the cert chain length in genrating my Root CA (little bit easier for me :), don't know if it is possible) rather then when creating the customer certs.
 
 
Any help/comments are highly appreciated.
Regards,
Usman.


Explore the seven wonders of the world Learn more!
Reply | Threaded
Open this post in threaded view
|

Re: How to Limit the Cert chain to some sepcified number...

Goetz Babin-Ebell
Hello Usman,

--On Mai 05, 2007 14:11:08 +0500 Usman Riaz <[hidden email]> wrote:

> I want to issue my customers certificate signed by my certificate
> (a self-signed certificate). I want to limit the issued certificate to
> not to act as a CA.
> I would like to specify the cert chain
> length in genrating my Root CA (little bit easier for me :), don't know
> if it is possible) rather then when creating the customer certs.

The X509-V3 extension basicConstraints is you friend...

Bye

Goetz

--
DMCA: The greed of the few outweights the freedom of the many

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: How to Limit the Cert chain to some sepcified number...

Usman Riaz
In reply to this post by Usman Riaz
Thanks Goetz, much appreciated!
 
Regards,
Usman.

> Date: Sat, 5 May 2007 13:59:04 +0200
> From: [hidden email]
> CC: [hidden email]
> Subject: Re: How to Limit the Cert chain to some sepcified number...
> To: [hidden email]
>
> Hello Usman,
>
> --On Mai 05, 2007 14:11:08 +0500 Usman Riaz <[hidden email]> wrote:
>
> > I want to issue my customers certificate signed by my certificate
> > (a self-signed certificate). I want to limit the issued certificate to
> > not to act as a CA.
> > I would like to specify the cert chain
> > length in genrating my Root CA (little bit easier for me :), don't know
> > if it is possible) rather then when creating the customer certs.
>
> The X509-V3 extension basicConstraints is you friend...
>
> Bye
>
> Goetz
>
> --
> DMCA: The greed of the few outweights the freedom of the many



Explore the seven wonders of the world Learn more!