Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Another Certificate question
Special Forums Cybersecurity Another Certificate question Post 302911641 by Lost in Cyberia on Saturday 2nd of August 2014 02:25:04 AM
Old 08-02-2014
Another Certificate question
Hey everyone, another question on certificate chains...

When a site applies for an ssl certificate, do they have to apply to a root CA? or can they apply to a root, or one of the many smaller CA companies? Then once they obtain a cert from that smaller CA, the company gets it's cert signed by a real root? Is evidence of this, when you look at the certificate viewer in a browser and it says something like
Quote:
VERISIGN CLASS C ROOT CA
SomeSmallerCA inc.
example.com

The company, example.com applied for their cert at SomeSmallerCA, inc, which in turned got it's cert signed by Verisign?


Now if I see something like :
Quote:
VERISIGN CLASS C ROOT CA
VERISIGN CLASS C EXTENDED VAL.
example.com

The above means that the company, example.com applied directed to the root CA, but they then signed their main cert with an intermediary cert?

So one is a bottom up application and the other is a top down application process? Can there be a mixture of both? Where you apply to a smaller company which goes up to a root, but the root signs an intermediary, before then finally signing to the smaller CA?

Thanks!
Last edited by rbatte1; 08-04-2014 at 07:38 AM.. Reason: Added QUOTE tags
 

10 More Discussions You Might Find Interesting

1. Forum Support Area for Unregistered Users & Account Problems

Unix Certificate

TO WHOM IT MAY CONCERN: I am Ayanda Fuzile, I would like to request my UNIX Certificate, I completed my course in 2000. My email adress is removed, my postal adress is also removed. Kind Regards, Ayanda Fuzile (1 Reply)
Discussion started by: afuzile
1 Replies

2. UNIX for Advanced & Expert Users

decryption using digital certificate

A client application is encrypting a text using private key and sends through socket. My application(server written in c/c++,unix) receives the chiper-text through socket. I have client's digital certificate. now, how do I decrypt(may be using openssl library) this ciper-text using client's... (1 Reply)
Discussion started by: johnbach
1 Replies

3. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. UNIX for Dummies Questions & Answers

Is it possible to extract a certificate chain?

Hi all! I wanted to look at the key length of a certificate chain we have. When I do the conventional export command using keytool I will only get the end user cert. keytool -export -alias aliasname -file filename.cer -keystore keystorename The above code will only give me the end user... (2 Replies)
Discussion started by: Keepcase
2 Replies

6. Cybersecurity

question about certificate for domain

Hi, I would like to know if certificate for mydomain.com would work as well for www.mydomain.com and for all subdomain of example.com? I ask this because I want to buy a certificate and I was not what domain should I ask the certificate for? (0 Replies)
Discussion started by: programAngel
0 Replies

7. Cybersecurity

SSL Certificate Stores

Hey everyone, I'm trying to get a lay of the land for OS and Application Certificate Stores. Can someone confirm that I have this concept right? If the application you're using say Firefox has it's own trusted CA store, it uses that exclusively. So if you're running firefox in Windows, Firefox... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies

8. HP-UX

Sendmail TLS and Certificate?

We are running HP-UX 11v1 and are about to upgrade sendmail to 8.13.3 to allow support for TLS. Enabling TLS seems pretty straightforward, but I'm wondering if an SSL certificate is required for this. Our MS Exchange server does use a certificate. Do I need to arrange for a public certificate to... (3 Replies)
Discussion started by: jduehmig
3 Replies

9. UNIX for Advanced & Expert Users

Does vsftpd support user access with client certificate with priv/pub key + vsftpd certificate?

:rolleyes:I am trying to setup all certificate based client-server environment in Linux using vsftpd and curl with openssl. I would like to make a user access with vsftpd certificate and user own client certificate (self-signed) with private/public key. I don't see google posts about the my plan... (4 Replies)
Discussion started by: gogogo
4 Replies

10. Shell Programming and Scripting

Grep from a certificate

I can view the openSSL certifcate with this command openssl x509 -text -in myCertificate.pem I just wanted to see when the cert will expire only. The line which I want to read is, Not After : Jul 28 14:09:57 2015 GMT I tried using the grep command but it doesn't display anything. grep... (1 Reply)
Discussion started by: Loc
1 Replies

LEARN ABOUT REDHAT

lprng_certs

LPRNG_CERTS(1)						      General Commands Manual						    LPRNG_CERTS(1)

NAME

       lprng_certs - lprng SSL certificate management

SYNOPSIS

       lprng_certs option
	Options:
	 init	  - make directory structure
	 newca	  - make new root CA
	 defaults - set new default values for certs
	 gen	  - generate user, server, or signing cert
	 index [dir] - index cert files
	 verify [cert] - verify cert file
	 encrypt keyfile
		  - set or change keyfile password

DESCRIPTION

       The lprng_certs program is used to manage SSL certificates for the LPRng software.  There SSL certificate structure consists of a hierarchy
       of certificates.  The LPRng software assumes that the following types of certificates will be used:

       CA or root
	      A top level or self-signed certificate.

       signing
	      A certificate that can be used to sign other certificates.  This is signed by the root CA or another signing certificate.

       user   A certificate used by a user to identify themselves to the lpd server.

       server A certificate used by the lpd server to identify themselves to the user or other lpd servers.

Signing Certificates
       All of the signing certificates, including the root certificate (root CA), /etc/lpd/ssl.ca/ca.crt, are in the same directory as the root CA
       file.   Alternately,  all  of  the signing certs can be concatenated and put into a single file, which by convention is assumed to have the
       same name as the root CA file, /etc/lpd/ssl.ca/ca.crt.  The ssl_ca_file, ssl_ca_path, and ssl_ca_key printcap and configuration options can
       be  used  to specify the locations of the root CA files, a directory containing the signing certificate files, and the private key file for
       the root CA file respectively.

       The root certificate (root CA file) /etc/lpd/ssl.ca/ca.crt has a private key file /etc/lpd/ssl.ca/ca.key as well.  By convention, the  pri-
       vate keys for the other signing certificate files are stored in the certificate file.

       The OpenSSL software requires that this directory also contain a set of hash files which are, in effect, links to these files.

       By default, all signing certificates are assumed to be in the same directory as the root certificate.

Server Certificates
       The  certificate used by the lpd server are kept in another directory.  These files do not need to have hash links to them.  By convention,
       the private keys for these certificate files are stored in the  certificate  file.   The  server  certificate  file  is	specified  by  the
       ssl_server_cert	and  has  the default value /etc/lpd/ssl.server/server.crt.  This file contains the cert and private key.  The server cer-
       tificate password  file is specified by the ssl_server_password option with the default value @SSL_SERVER_PASSWORD@ and contains the  pass-
       word used to decrypt the servers private key and use it for authentication.  This key file should be read only by the lpd server.

User Certificates
       The  certificates  used	by  users are kept in a separate directory in the users home directory.  By convention, the private keys for these
       certificate files are stored in the certificate file.

       The user certificate file is specified by the LPR_SSL_FILE environment variable, otherwise the ${HOME}/.lpr/client.crt is used.	The  pass-
       word is taken from the file specified by the LPR_SSL_PASSWORD environment variable, otherwise the ${HOME}/.lpr/client.pwd file is read.

USING LPRNG_CERTS
       The  organization  of the SSL certificates used by LPRng is similar to that used by other programs such as the Apache mod_ssl support.  The
       lprng_certs program is used to create the directory structure, create certificates for the root CA, signing, user and servers.  In order to
       make managment simple, the following support is provided.

lprng_certs init
       This command creates the directories used by the lpd server.  It is useful when setting up a new lpd server.

lprng_certs newca
       This  command  creates  a  self-signed certificate, suitable for use as a root CA certificate.  It also sets up a set of default values for
       other certificate creation.

lprng_certs defaults
       This command is used to modify the set of default values.

       The default values are listed and should be self-explanatory, except for the value of the signer certificate.  By default, the root CA  can
       be  used  to  sign  certificates.  However, a signing certificate can be used as well.  This allows delegation of signing authority without
       compromising the security of the root CA.

lprng_certs gen
       This is used to generate a user, server, or signing certificate.

lprng_certs index
       This is used to create the indexes for the signing certificates.

lprng_certs verify [cert]
       This checks the certificate file using the Openssl openssl verify command.

lprng_certs encrypt keyfile
       This removes all key information from the key file, reencrypts the key information, and the puts the encrypted key information in the file.

LPRng OPTIONS
       Option			Purpose
       ssl_ca_path		directory holding the SSL signing certs
       ssl_ca_file		file holding the root CA or all SSL signing certs
       ssl_server_cert		cert file for the server
       ssl_server_password	file containing password for server server
       ${HOME}/.lpr/client.crt	client certificate file
       ${HOME}/.lpr/client.pwd	client certificate private key password

ENVIRONMENT VARIABLES

       LPR_SSL_FILE		client certificate file
       LPR_SSL_PASSWORD 	client certificate private key password

EXIT STATUS

       The following exit values are returned:

       zero (0)       Successful completion.

       non-zero (!=0) An error occurred.

SEE ALSO

       lpd.conf(5), lpc(8), lpd(8), checkpc(8), lpr(1), lpq(1), lprm(1), printcap(5), lpd.conf(5), pr(1), lprng_certs(1), lprng_index_certs(1).

HISTORY

       LPRng is a enhanced printer spooler system  with  functionality	similar  to  the  Berkeley  LPR  software.   The  LPRng  mailing  list	is
       lprng@lprng.com;  subscribe by sending mail to lprng-request@lprng.com with the word subscribe in the body.  The software is available from
       ftp://ftp.lprng.com/pub/LPRng.

AUTHOR

       Patrick Powell <papowell@lprng.com>.

LPRng								    LPRng-3.9.0 						    LPRNG_CERTS(1)
All times are GMT -4. The time now is 01:52 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy