EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Subordinate CA

Also by EldoS: Solid File System
A virtual file system that offers a feature-rich storage for application documents and data with built-in compression and encryption.
#127
Posted: 05/08/2006 20:34:07
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

How to generate an Subordinate CA when i have a seft-signed Certificate. And how to set a seft-signed certificate to become RootCA.
Thank.
#128
Posted: 05/08/2006 23:51:53
by Eugene Mayevski (EldoS Corp.)

I am not sure that I understand your question. For self-signed certificate you need to adjust it's Key Usage in order to allow it to generate new certificates. Then instantiate new certificate and use it's TElX509Certiifcate.Generate() method to actually create a "child" certificate (you will need to setup key usage of the child certificate too). For details about key usage fields see RFC 3280.


Sincerely yours
Eugene Mayevski
#135
Posted: 05/09/2006 18:38:15
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

I want to create a tree:
CA1 -> CA2 -> CA4
CA2 -> CA9
CA2 -> CA5
CA4 ->CA6
CA1 -> CA3 -> CA7
CA7 -> CA8
How can I do it ?
#137
Posted: 05/10/2006 00:27:07
by Eugene Mayevski (EldoS Corp.)

As said, you generate certificates using ElX509Certificate.Generate method. There's CertDemo sample included with SecureBlackbox, which shows how generation is done.


Sincerely yours
Eugene Mayevski
#138
Posted: 05/10/2006 00:32:15
by Eugene Mayevski (EldoS Corp.)

BTW check the article.


Sincerely yours
Eugene Mayevski
#154
Posted: 05/10/2006 19:41:31
by Le Huyen Trang (Basic support level)
Joined: 05/04/2006
Posts: 6

As you known, I used CerDemo sample (with Visual Basic) to create some certificate. Using the seft-signed to issue the other certificate is OK. But using the Certificate (not seft-signed, and is issued by seft-signed certificate) is not OK. In Certificate, Tab "General", Certificate information is : "This certificate is not valid because one of the certification authorities in the certification path does not appear to be allowed to issue certificates or this certificate can not be used as an end-entity certificate" . And tab "certificate Path", as picture I will send to you later.
I try to change it to other stores of Windowns Operation System, but no get desired results. I don't known why.
Please show me step-by-step to create the subordinate CA. Thank for your time.
Bye.
Huyen Trang.
#157
Posted: 05/11/2006 04:58:27
by Eugene Mayevski (EldoS Corp.)

Most likely the message tells you that you didn't set proper key usage for one of the certificates. It's hard to tell without seeing the actual certificates that you generated.
The step-by-step guide is present in the how-to, whose URL I posted in the previous message.


Sincerely yours
Eugene Mayevski
Also by EldoS: BizCrypto
Components for BizTalk® and SQL Server® Integration Services that let you securely store and transfer information in your business automation solutions.

Reply

Statistics

Topic viewed 5500 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!