Thread: RootCA encoding

2006-09-15 19:22:18
From: Neil Chambers
Email: neil cozyspace.net
Subject: RootCA encoding
Message:
Hi there,
I'm having difficulties importing your rootCA into my
router. Apparently it will only accept base64 encoded
PKCS#10.
I've tried importing the root CA into IE and exporting it
as base64 but still no dice. Any chance you can make your CA
available in this format?
Cheers
_______________________________________________
Have you subscribed to our RSS News Feed yet?
CAcert-Support mailing list
CAcert-Support lists.cacert.org
http://lists.cacert.org/cgi-bin/mailman/listinfo/
cacert-support

2006-09-15 22:10:47
Hi Neil,
Which router do you have? Do you have some manuals, you could send me?
Screenshots?
> I'm having difficulties importing your rootCA into my router. Apparently it
> will only accept base64 encoded PKCS#10.
PKCS#10 is a certificate request format, not a certificate format.
Could it be that it is running its own CA, and you have to submit PKCS#10
requests for client certificates?
Or does it generate PKCS#10 requests, which you could submit to a CA?
> I've tried importing the root CA into IE and exporting it as base64 but
> still no dice. Any chance you can make your CA available in this format?
This is base64 encoding:
http://www.cacert.org/certs/root.crt
Best regards,
Philipp
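
The two distinctions made in the reply above (certificate versus PKCS#10 request, and base64/PEM versus binary DER) can be checked on a file before it is uploaded to a device. The Python below is an added example, not part of the original thread; the function names are illustrative, and the sample inputs are constructed, unsigned ASN.1 skeletons rather than real certificates.

```python
import base64, re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def read_tlv(buf, pos=0):
    """Return (tag, start, end) of the DER element at pos, long-form lengths included."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def der_kind(der):
    """Tell an X.509 certificate from a PKCS#10 request by its ASN.1 layout."""
    outer, start, _ = read_tlv(der)
    body, start, _ = read_tlv(der, start)    # tbsCertificate / certificationRequestInfo
    first, _, end = read_tlv(der, start)
    if (outer, body, first) == (0x30, 0x30, 0xA0):
        return "certificate"                 # [0] version tag: only v2/v3 certificates
    nxt, start, end = read_tlv(der, end)     # what follows the leading INTEGER
    lead = der[start:end][:1]                # OID: v1 certificate; SET or empty: subject Name
    if (outer, body, first, nxt) != (0x30, 0x30, 0x02, 0x30) or lead not in (b"\x06", b"\x31", b""):
        raise ValueError("neither certificate nor request")
    return "certificate" if lead == b"\x06" else "request"

def classify(blob):
    """Return (encoding, PEM label or None, what the DER inside really is)."""
    m = PEM_RE.search(blob)
    der = base64.b64decode(m.group(2)) if m else blob
    return ("PEM" if m else "DER"), (m.group(1).decode() if m else None), der_kind(der)

def to_pem(der, label="CERTIFICATE"):
    """Wrap DER bytes as base64 text with 64-column lines and PEM armor."""
    b64 = base64.b64encode(der).decode()
    rows = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{rows}\n-----END {label}-----\n".encode()

def tlv(tag, body=b""):                      # DER encoder, only used to build the samples
    raw = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if len(body) < 0x80 else bytes([0x80 | len(raw)]) + raw) + body

# Constructed skeletons (unsigned, not real objects): just enough structure to classify.
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x0a") + tlv(0x13, b"Root CA"))))
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010104")) + tlv(0x05))  # md5WithRSAEncryption
SIG = tlv(0x03, bytes(200))                  # placeholder signature bits
CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x00") + ALG + NAME) + ALG + SIG)
CSR = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00") + NAME) + ALG + SIG)
```

`classify()` reports the PEM label separately from the structure found inside, so a request saved under a `CERTIFICATE` label shows up as a mismatch.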

2006-09-16 21:24:49
Philipp Gühring wrote:
> Hi Neil,
>
> Which router do you have? Do you have some manuals, you could send me?
> Screenshots?
As Philipp would mention, you'll need to find out if the router accepts
a 4096 bit long certificate for the root cert.
--
Best regards,
Guillaume
Vision without action is a daydream. Action without vision
is a
nightmare. -- Japanese Proverb
MSN wildcat_paris hotmail.fr IRC wildcat_paris irc.cacert.org

2006-09-17 10:40:47
Philipp Gühring wrote:
> Hi Neil,
> Which router do you have? Do you have some manuals, you could send me?
> Screenshots?
It's a Draytek Vigor 2800VG.
Here is a link to VPN/Certificate setup:
http://www.draytek.com/support/support_note/router/application/vpn_solution/5/01.php
(the setup only covers using a Microsoft Certificate Server authority)
>> I'm having difficulties importing your rootCA into my router. Apparently it
>> will only accept base64 encoded PKCS#10.
> PKCS#10 is a certificate request format, not a certificate format.
> Could it be that it is running its own CA, and you have to submit PKCS#10
> requests for client certificates?
> Or does it generate PKCS#10 requests, which you could submit to a CA?
Forgive my relative lack of knowledge on this topic. I don't believe it
is running a CA. I have an option to generate requests (which I have
done - and processed via cacert successfully) and the option to store
three trusted authorities. When I try to import the Base64 cacert root
I get an error:
Fail ...
Maybe the certificate format is wrong or too big. Try again!!!!!!!!!!
>> I've tried importing the root CA into IE and exporting it as base64 but
>> still no dice. Any chance you can make your CA available in this format?
> This is base64 encoding:
> http://www.cacert.org/certs/root.crt
Still no joy. Here is a topic thread on the Draytek Forums:
http://www.draytek.co.uk/forum/viewtopic.php?t=8114
> Best regards,
> Philipp
Thanks for the reply!
Neil

2006-09-17 20:56:42
Hi Neil,
Ok, I have formatted the certificate now in the way it might work, and attached
it as cacert.cer
Now you should follow the instructions on
http://www.draytek.com/support/support_note/router/application/vpn_solution/5/1.3_Trusted_CA_Certificate.pdf
But you have to skip the first part, and start at 1.3.9 (On Vigor's web
configuration page, ...)
------------------
Charlie:
This is the technical data of our root certificate:
It uses MD5, RSA with 4096 Bits, and we are using SHA-1 for all the user
certificates. And we have a couple of Netscape extensions, but I don't think
that they would harm, since they aren't critical.
Charlie, could you please verify whether the Draytek Vigor 2800VG supports
such root certificates? We heard that Cisco has/had problems with our 4096
Bit key ...
Do you have a specification of the supported algorithms, keysizes and
parameters?
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
        Signature Algorithm: md5WithRSAEncryption
        Issuer: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support cacert.org
        Validity
            Not Before: Mar 30 12:29:49 2003 GMT
            Not After : Mar 29 12:29:49 2033 GMT
        Subject: O=Root CA, OU=http://www.cacert.org, CN=CA Cert Signing Authority/emailAddress=support cacert.org
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (4096 bit)
                Modulus (4096 bit):
                    00:ce:22:c0:e2:46:7d:ec:36:28:07:50:96:f2:a0:
                    e5:a1:0b
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:B5:32:1B 4:C7:F3:E0:E6:8E:F3:BD 2:B0:3A:EE:B2:39:18 1
            X509v3 Authority Key Identifier:
                keyid:16:B5:32:1B 4:C7:F3:E0:E6:8E:F3:BD 2:B0:3A:EE:B2:39:18 1
                DirName:/O=Root CA/OU=http://www.cacert.org/CN=CA Cert Signing Authority/emailAddress=support cacert.org
                serial:00
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 CRL Distribution Points:
                URI:https://www.cacert.org/revoke.crl
            Netscape CA Revocation Url:
                https://www.cacert.org/revoke.crl
            Netscape CA Policy Url:
                http://www.cacert.org/index.php?id=10
            Netscape Comment:
                To get your own certificate for FREE head over to http://www.cacert.org
    Signature Algorithm: md5WithRSAEncryption
        28:c7:ee:9c:82:02:ba:5c:80:12:ca:35:0a:1d:81:6f:89:6a:
        [...]
Best regards,
Philipp Gühring

2006-09-17 21:37:07
Philipp Gühring wrote:
> Hi Neil,
>
> Ok, I have formatted the certificate now in the way it might work, and attached
> it as cacert.cer
<snip>
> Charlie:
> This is the technical data of our root certificate:
> It uses MD5, RSA with 4096 Bits, and we are using SHA-1 for all the user
> certificates. And we have a couple of Netscape extensions, but I don't think
> that they would harm, since they aren't critical.
>
> Charlie, could you please verify whether the Draytek Vigor 2800VG supports
> such root certificates? We heard that Cisco has/had problems with our 4096
> Bit key ...
>
> Do you have a specification of the supported algorithms, keysizes and
> parameters?
<snip>
Philipp,
Many thanks for such a quick response to this issue!
Unfortunately the certificate import failed.
Charlie, the import failed with the same error as before.
All the very best,
Neil