[9fans] cert signing request - Plan9

This is a discussion on [9fans] cert signing request - Plan9 ; is there a way to generate a csr with auth tools? (i.e, equiv. to 'openssl req -new ...')...

+ Reply to Thread
Results 1 to 10 of 10

Thread: [9fans] cert signing request

  1. [9fans] cert signing request

    is there a way to generate a csr with auth tools?
    (i.e, equiv. to 'openssl req -new ...')


  2. Re: [9fans] cert signing request

    Hello,

    As far as I know libsec still doesn't know how to write x509.

    There is more information about it in the archives.

    Regards.

    On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
    > is there a way to generate a csr with auth tools?
    > (i.e, equiv. to 'openssl req -new ...')
    >
    >



    --
    Felipe

  3. Re: [9fans] cert signing request

    fgb has openssl in his contrib. I don't know if it works, though.

    Felipe Bichued said:
    > Hello,
    >
    > As far as I know libsec still doesn't know how to write x509.
    >
    > There is more information about it in the archives.
    >
    > Regards.
    >
    > On 1/8/07, Skip Tavakkolian <9nut@9netics.com> wrote:
    >> is there a way to generate a csr with auth tools?
    >> (i.e, equiv. to 'openssl req -new ...')
    >>
    >>

    >
    >
    > --
    > Felipe
    >

    --
    Benn Newman


  4. Re: [9fans] cert signing request

    > fgb has openssl in his contrib. I don't know if it works, though.

    yep. that seems to work. thanks.


  5. Re: [9fans] cert signing request

    > As far as I know libsec still doesn't know how to write x509.

    rsa(8) has rsa2x509 and an example
    Generate a fresh key and use it to start a TLS-enabled web
    server:

    auth/rsagen -t 'service=tls owner=*' >key
    auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
    auth/pemencode CERTIFICATE >cert
    cat key >/mnt/factotum/ctl
    ip/httpd/httpd -c cert

  6. Re: [9fans] cert signing request

    hello

    i think this doesn't work if you want to ask Verisign to sign your request,
    isn't it?, but i think libsec has almost all the code to build a request as
    in rfc2511 :-? am i wrong?

    slds.

    gabi



    On 1/9/07, Charles Forsyth wrote:
    >
    > > As far as I know libsec still doesn't know how to write x509.

    >
    > rsa(8) has rsa2x509 and an example
    > Generate a fresh key and use it to start a TLS-enabled web
    > server:
    >
    > auth/rsagen -t 'service=tls owner=*' >key
    > auth/rsa2x509 'C=US CN=*.cs.bell-labs.com' key |
    > auth/pemencode CERTIFICATE >cert
    > cat key >/mnt/factotum/ctl
    > ip/httpd/httpd -c cert
    >



  7. Re: [9fans] cert signing request

    hello

    a quick look in /sys/src/libsec/port/x509.c shows

    uchar*
    X509req(RSApriv *priv, char *subj, int *certlen)
    {
    /* RFC 2314, PKCS #10 Certification Request Syntax */

    so it is done already, at least using the RSA lab way
    (the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )

    slds.

    gabi



    On 1/9/07, Gabriel Diaz wrote:
    >
    > hello
    >
    > i think this doesn't work if you want to ask Verisign to sign your
    > request, isn't it?, but i think libsec has almost all the code to build a
    > request as in rfc2511 :-? am i wrong?
    >
    > slds.
    >
    > gabi
    >
    >
    >
    > On 1/9/07, Charles Forsyth wrote:
    > >
    > > > As far as I know libsec still doesn't know how to write x509.

    > >
    > > rsa(8) has rsa2x509 and an example
    > > Generate a fresh key and use it to start a TLS-enabled web
    > > server:
    > >
    > > auth/rsagen -t 'service=tls owner=*' >key
    > > auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
    > > auth/pemencode CERTIFICATE >cert
    > > cat key >/mnt/factotum/ctl
    > > ip/httpd/httpd -c cert
    > >

    >
    >



  8. Re: [9fans] cert signing request

    >i think this doesn't work if you want to ask Verisign to sign your request,

    whenever i've been forced to use Verisad, they provide the public key as well.

  9. Re: [9fans] cert signing request

    I saw that but totally forgot to check if auth tools made any use of it.

    Seems like what Skip wants is auth/rsa2csr.

    Sorry for the earlier noise.

    On 1/9/07, Gabriel Diaz wrote:
    > hello
    >
    > a quick look in /sys/src/libsec/port/x509.c shows
    >
    > uchar*
    > X509req(RSApriv *priv, char *subj, int *certlen)
    > {
    > /* RFC 2314, PKCS #10 Certification Request Syntax */
    >
    > so it is done already, at least using the RSA lab way
    > (the rfc2511 seems to be the Entrust/Verisign way of doing the same :-? )
    >
    > slds.
    >
    > gabi
    >
    >
    >
    >
    > On 1/9/07, Gabriel Diaz wrote:
    > >
    > > hello
    > >
    > > i think this doesn't work if you want to ask Verisign to sign your

    > request, isn't it?, but i think libsec has almost all the code to build a
    > request as in rfc2511 :-? am i wrong?
    > >
    > > slds.
    > >
    > > gabi
    > >
    > >
    > >
    > >
    > > On 1/9/07, Charles Forsyth wrote:
    > > > > As far as I know libsec still doesn't know how to write x509.
    > > >
    > > > rsa(8) has rsa2x509 and an example
    > > > Generate a fresh key and use it to start a TLS-enabled web
    > > > server:
    > > >
    > > > auth/rsagen -t 'service=tls owner=*' >key
    > > > auth/rsa2x509 'C=US CN=*.cs.bell- labs.com' key |
    > > > auth/pemencode CERTIFICATE >cert
    > > > cat key >/mnt/factotum/ctl
    > > > ip/httpd/httpd -c cert
    > > >

    > >
    > >

    >
    >



    --
    Felipe

  10. Re: [9fans] cert signing request

    > Seems like what Skip wants is auth/rsa2csr.

    i totally missed it. teaches me to just look at man pages. thanks.

    it didn't always live in auth/

    cpu% auth/rsa2csr
    usage: aux/rsa2csr 'C=US ...CN=xxx' [key]cpu%


+ Reply to Thread