EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Subordinate CA

Also by EldoS: CallbackDisk
Create virtual disks backed by memory or custom location, expose disk images as disks and more.
Posted: 05/08/2006 20:34:07
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

How to generate an Subordinate CA when i have a seft-signed Certificate. And how to set a seft-signed certificate to become RootCA.
Posted: 05/08/2006 23:51:53
by Eugene Mayevski (Team)

I am not sure that I understand your question. For self-signed certificate you need to adjust it's Key Usage in order to allow it to generate new certificates. Then instantiate new certificate and use it's TElX509Certiifcate.Generate() method to actually create a "child" certificate (you will need to setup key usage of the child certificate too). For details about key usage fields see RFC 3280.

Sincerely yours
Eugene Mayevski
Posted: 05/09/2006 18:38:15
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

I want to create a tree:
CA1 -> CA2 -> CA4
CA2 -> CA9
CA2 -> CA5
CA4 ->CA6
CA1 -> CA3 -> CA7
CA7 -> CA8
How can I do it ?
Posted: 05/10/2006 00:27:07
by Eugene Mayevski (Team)

As said, you generate certificates using ElX509Certificate.Generate method. There's CertDemo sample included with SecureBlackbox, which shows how generation is done.

Sincerely yours
Eugene Mayevski
Posted: 05/10/2006 00:32:15
by Eugene Mayevski (Team)

BTW check the article.

Sincerely yours
Eugene Mayevski
Posted: 05/10/2006 19:41:31
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

As you known, I used CerDemo sample (with Visual Basic) to create some certificate. Using the seft-signed to issue the other certificate is OK. But using the Certificate (not seft-signed, and is issued by seft-signed certificate) is not OK. In Certificate, Tab "General", Certificate information is : "This certificate is not valid because one of the certification authorities in the certification path does not appear to be allowed to issue certificates or this certificate can not be used as an end-entity certificate" . And tab "certificate Path", as picture I will send to you later.
I try to change it to other stores of Windowns Operation System, but no get desired results. I don't known why.
Please show me step-by-step to create the subordinate CA. Thank for your time.
Huyen Trang.
Posted: 05/11/2006 04:58:27
by Eugene Mayevski (Team)

Most likely the message tells you that you didn't set proper key usage for one of the certificates. It's hard to tell without seeing the actual certificates that you generated.
The step-by-step guide is present in the how-to, whose URL I posted in the previous message.

Sincerely yours
Eugene Mayevski
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 7276 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!