Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client

Rich Freeman on 22 Dec 2014 07:51:45 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client

From: Rich Freeman <r-plug@thefreemanclan.net>
To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
Subject: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Date: Mon, 22 Dec 2014 10:51:38 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:content-type; bh=L3HXmQFzd9CJ4QaBZ1aCZcK6QUa/7doVGRdmXcdnRRQ=; b=xtE+lbhJIdiaH+K+lhtFE2tzCebCM5/qLmGTqx0CKmWIhgoGvGn1YBd7HNMQGVOFL3 pBdUeRjCBPq4pvsxThMJS+M6A9M7NM3HP+PQhYts4xi9e7YgrJfaFpBFrnULbCLpBcz8 b1qfjbKTaSEnN/8/MPTFO9Kr8uVOhygjeEjgxKF/nbUlfW9ROgEAwqmE8uFzWLDePtJ/ qH9vSdLQXngsy+vuw8vjqhE/KgaM/FI1Fe13puWwSCXWOT9p1dhtW+YRUXnk2zwkxZcP RD0nGAFUIcDsZnrtIhYenvFqnO5NTJe1iUJm5i9cDcszD2ESCur3givo0puPR+ycjcdq 3itw==
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: "plug" <plug-bounces@lists.phillylinux.org>

On Mon, Dec 22, 2014 at 10:36 AM, Michael Leone <turgon@mike-leone.com> wrote:
>
> Any request I generate myself on my CA, in the name of the Connections
> server, will be pretty much the same as an actual CSR generated on that
> Connections server, right? Just as valid a CSR, I mean.
>

It should be completely possible in theory, though I'd have to dig
through a bazillion openssl manpages to tell you how.  You'll
definitely need access to the public key for the server - I don't know
if generating a csr requires access to the private key offhand (I'd
hope that it does, otherwise anybody could generate one, though they
couldn't actually make use of it without the private key other than
maybe to confuse clients).

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
  - From: Paul Jungwirth <once@9stmaryrd.com>
- Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
  - From: Michael Leone <turgon@mike-leone.com>

References:
- [PLUG] Issuing a cert from OpenSSL without a CSR from the client
  - From: Michael Leone <turgon@mike-leone.com>

Prev by Date: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Next by Date: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Previous by thread: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Next by thread: Re: [PLUG] Issuing a cert from OpenSSL without a CSR from the client
Index(es):
- Date
- Thread