[144309] in cryptography@c2.net mail archive
Re: X.509 certificate overview + status
daemon@ATHENA.MIT.EDU (Marcus Brinkmann)
Mon Mar 2 11:57:06 2009
Date: 2 Mar 2009 17:35:20 +0100
From: "Marcus Brinkmann" <marcus.brinkmann@ruhr-uni-bochum.de>
To: "Cryptography" <cryptography@metzdowd.com>
In-Reply-To: <20090227212645.GK15955@subspacefield.org>
Travis wrote:
> Recently I set up certificates for my server's SSL, SMTP, IMAP, XMPP,
> and OpenVPN services. Actually, I created my own CA for some of the
> certificates, and in other cases I used self-signed. It took me
> substantially more time than I had anticipated, and I'm left with
> feelings of unease.
Welcome to the club!
> Further, trying to dig into ASN.1 was extremely difficult. The specs
> are full of obtuse language, using terms like "object" without
> defining them first. Are there any tools that will dump certificates
> in human-readable formats? I would really like something that could
> take a PEM file of a cert and display it in XML or something of the
> sort.
Ubuntu comes with dumpasn1. There are also quite a few libraries.
> I'm plowing through the O'Reilly OpenSSL book, but are there other
> resources out there that could help me, or others like me?
You should be aware of Peter Gutmann's style guide:
http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
Thanks,
Marcus
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
