Can i make personal ssl cert from verisign"s one?

I tryed it until yesterday.

I think i'm almost succeed.

it's so easy. set openssl SSLCACertificateFile to verisign's one.

cert tree appear to follow.

VeriSign Class 3 Public Primary CA
|
---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
|
----->www.yourdomain.com
|
-----> NewOne.com

But, the file www.yourdomain.com contain expired cert (CPS
incorp..blah)

I think it's some kind of 'prevention' of verisign.

so, I try to export many site's cert. and i knew some site's cert is
contain

valid cert.

therefore, somebody know the site that sold valid cert?

Re: Can i make personal ssl cert from verisign"s one?

What are the OIDs for the certificate for "www.yourdomain.com"?

Surely it can only be used for Server Authentication (and similar), not for
signing other certificates?

Cheers
Ken

wrote in message
news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
>I tryed it until yesterday.
>
> I think i'm almost succeed.
>
> it's so easy. set openssl SSLCACertificateFile to verisign's one.
>
> cert tree appear to follow.
>
> VeriSign Class 3 Public Primary CA
> |
> ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> |
> ----->www.yourdomain.com
> |
> -----> NewOne.com
>
> But, the file www.yourdomain.com contain expired cert (CPS
> incorp..blah)
>
> I think it's some kind of 'prevention' of verisign.
>
> so, I try to export many site's cert. and i knew some site's cert is
> contain
>
> valid cert.
>
> therefore, somebody know the site that sold valid cert?
>

Re: Can i make personal ssl cert from verisign"s one?

How can i classify it?

Every cert not rejected when i signing with openssl even if
that does not work.

I found simple solution of it. just click the lock icon, export
current level cert to file and click the exported file.

You will meet some kind of error (usually root ca doesn't show up)
or valid one but almost expired.

Try https://verisign.com

However, i cannot classify OID that you said.

Could you help me to find out that?

Thanks in advance.

Ken Schaefer wrote:
> What are the OIDs for the certificate for "www.yourdomain.com"?
>
> Surely it can only be used for Server Authentication (and similar), not for
> signing other certificates?
>
> Cheers
> Ken
>
> wrote in message
> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
> >I tryed it until yesterday.
> >
> > I think i'm almost succeed.
> >
> > it's so easy. set openssl SSLCACertificateFile to verisign's one.
> >
> > cert tree appear to follow.
> >
> > VeriSign Class 3 Public Primary CA
> > |
> > ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> > |
> > ----->www.yourdomain.com
> > |
> > -----> NewOne.com
> >
> > But, the file www.yourdomain.com contain expired cert (CPS
> > incorp..blah)
> >
> > I think it's some kind of 'prevention' of verisign.
> >
> > so, I try to export many site's cert. and i knew some site's cert is
> > contain
> >
> > valid cert.
> >
> > therefore, somebody know the site that sold valid cert?
> >

Re: Can i make personal ssl cert from verisign"s one?

The purposes that a certificate can be used for are determined by the
issuing CA. If a certificate is issued for server-authentication, you can't
use it for other purposes. The OIDs for a certificate are available via the
Certificate Manager MMC snapin (Start -> Run -> certmgr.msc)

Cheers
Ken

wrote in message
news:1151887684.962681.123840@h44g2000cwa.googlegroups.com.. .
> How can i classify it?
>
> Every cert not rejected when i signing with openssl even if
> that does not work.
>
> I found simple solution of it. just click the lock icon, export
> current level cert to file and click the exported file.
>
> You will meet some kind of error (usually root ca doesn't show up)
> or valid one but almost expired.
>
> Try https://verisign.com
>
> However, i cannot classify OID that you said.
>
> Could you help me to find out that?
>
> Thanks in advance.
>
> Ken Schaefer wrote:
>> What are the OIDs for the certificate for "www.yourdomain.com"?
>>
>> Surely it can only be used for Server Authentication (and similar), not
>> for
>> signing other certificates?
>>
>> Cheers
>> Ken
>>
>> wrote in message
>> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
>> >I tryed it until yesterday.
>> >
>> > I think i'm almost succeed.
>> >
>> > it's so easy. set openssl SSLCACertificateFile to verisign's one.
>> >
>> > cert tree appear to follow.
>> >
>> > VeriSign Class 3 Public Primary CA
>> > |
>> > ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
>> > |
>> > ----->www.yourdomain.com
>> > |
>> > -----> NewOne.com
>> >
>> > But, the file www.yourdomain.com contain expired cert (CPS
>> > incorp..blah)
>> >
>> > I think it's some kind of 'prevention' of verisign.
>> >
>> > so, I try to export many site's cert. and i knew some site's cert is
>> > contain
>> >
>> > valid cert.
>> >
>> > therefore, somebody know the site that sold valid cert?
>> >
>

Re: Can i make personal ssl cert from verisign"s one?

I understand what you say.

but, I'm talking about Non-root CA signing.

I can make cert from non-permitted cert.

there is some limitation.

1. original cert must be use Intermediate (cert chain)
single-root cert is not working.

2. original cert must be valid when i double-clicked that
in windows.

example)
expired one: http://user.chol.com/~mirror/t1.cer
valid one: http://user.chol.com/~mirror/t2.cer

thanks in advance.

Ken Schaefer wrote:
> The purposes that a certificate can be used for are determined by the
> issuing CA. If a certificate is issued for server-authentication, you can't
> use it for other purposes. The OIDs for a certificate are available via the
> Certificate Manager MMC snapin (Start -> Run -> certmgr.msc)
>
> Cheers
> Ken
>
> wrote in message
> news:1151887684.962681.123840@h44g2000cwa.googlegroups.com.. .
> > How can i classify it?
> >
> > Every cert not rejected when i signing with openssl even if
> > that does not work.
> >
> > I found simple solution of it. just click the lock icon, export
> > current level cert to file and click the exported file.
> >
> > You will meet some kind of error (usually root ca doesn't show up)
> > or valid one but almost expired.
> >
> > Try https://verisign.com
> >
> > However, i cannot classify OID that you said.
> >
> > Could you help me to find out that?
> >
> > Thanks in advance.
> >
> > Ken Schaefer wrote:
> >> What are the OIDs for the certificate for "www.yourdomain.com"?
> >>
> >> Surely it can only be used for Server Authentication (and similar), not
> >> for
> >> signing other certificates?
> >>
> >> Cheers
> >> Ken
> >>
> >> wrote in message
> >> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
> >> >I tryed it until yesterday.
> >> >
> >> > I think i'm almost succeed.
> >> >
> >> > it's so easy. set openssl SSLCACertificateFile to verisign's one.
> >> >
> >> > cert tree appear to follow.
> >> >
> >> > VeriSign Class 3 Public Primary CA
> >> > |
> >> > ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> >> > |
> >> > ----->www.yourdomain.com
> >> > |
> >> > -----> NewOne.com
> >> >
> >> > But, the file www.yourdomain.com contain expired cert (CPS
> >> > incorp..blah)
> >> >
> >> > I think it's some kind of 'prevention' of verisign.
> >> >
> >> > so, I try to export many site's cert. and i knew some site's cert is
> >> > contain
> >> >
> >> > valid cert.
> >> >
> >> > therefore, somebody know the site that sold valid cert?
> >> >
> >