What is a chellenge password?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

What is a chellenge password?

Michaël Hooreman
Good afternoon,

Just a question: what is the challenge password asked when we do a
certificate request?

Everywhere, I see it lefted blank, but I don't understand his usage.

Tank you for your help.

---
Michaël Hooreman

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: What is a challenge password?

Stuart Halliday
> Good afternoon,
>
> Just a question: what is the challenge password asked when we do a
> certificate request?
>
> Everywhere, I see it lefted blank, but I don't understand his usage.

Me too.

I've just recently go into certs (so I know virtually zero) and didn't
find any readable documents on its use, so I too left it blank.

I guess that it's a second level of protection to stop you when you try to
install a stolen cert on your machine in MMC on a Windows XP machine for
example?


--
Stuart Halliday
ECS Technology ltd
Registered in Scotland - #212513


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What is a challenge password?

Michaël Hooreman
[hidden email] <> scribbled on vendredi 17 mars 2006
11:51:

> I guess that it's a second level of protection to stop you
> when you try to install a stolen cert on your machine in MMC
> on a Windows XP machine for example?

No, to use a cert in win XP, we have to use a .p12 export, who asks for
a export/import password.

That's this passwor dwho is asked by windows.

---
Michaël Hooreman

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What is a challenge password?

Stuart Halliday
> [hidden email] <> scribbled on vendredi 17 mars 2006
> 11:51:
>
> > I guess that it's a second level of protection to stop you
> > when you try to install a stolen cert on your machine in MMC
> > on a Windows XP machine for example?
>
> No, to use a cert in win XP, we have to use a .p12 export, who asks for
> a export/import password.
>
> That's this password who is asked by windows.

Ah sorry, confused Challenge Password with the optional Export password.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What is a challenge password?

Michaël Hooreman
[hidden email] <> scribbled on vendredi 17 mars 2006
12:13:

> Ah sorry, confused Challenge Password with the optional
> Export password.

No problem! ;)

---
Michaël Hooreman

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: What is a chellenge password?

Dr. Stephen Henson
In reply to this post by Michaël Hooreman
On Thu, Mar 16, 2006, Michal Hooreman wrote:

> Good afternoon,
>
> Just a question: what is the challenge password asked when we do a
> certificate request?
>
> Everywhere, I see it lefted blank, but I don't understand his usage.
>

It is largely a legacy attribute. The original intention was I believe to
provide a password which the certificate holder could later use (in some
unspecified manner) to revoke the certificate.

Other than the attribute being set and being visible by the 'req' utility it
is ignored by OpenSSL.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: What is a chellenge password?

Michaël Hooreman
[hidden email] <> scribbled on :

> On Thu, Mar 16, 2006, Michal Hooreman wrote:
>
>> Good afternoon,
>>
>> Just a question: what is the challenge password asked when we do a
>> certificate request?
>>
>> Everywhere, I see it lefted blank, but I don't understand his usage.
>>
>
> It is largely a legacy attribute. The original intention was
> I believe to provide a password which the certificate holder
> could later use (in some unspecified manner) to revoke the
> certificate.
>
> Other than the attribute being set and being visible by the
> 'req' utility it is ignored by OpenSSL.
>
> Steve.

Thank you for your help.

---
Michaël Hooreman
Keyware Transaction and Processing
Rue Laid Burniad, 4
1348 - Louvain-La-Neuve
Belgium
Tel : +32 (0)10 48 01 21
Fax : +32 (0)10 45 77 67
[hidden email]

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]