using certificate database tool (certutil) to add IPReg users
-------------------------------------------------------------
[http@eclectic .netscape]$ who am i
http pts/1 Jan 6 14:59 (igloo.its.unimacq.edu.au)
[http@eclectic .netscape]$ pwd
/export/home/http/.netscape
[http@eclectic .netscape]$ mkdir bjdean
[http@eclectic .netscape]$ ls -al
total 184
drwxr-xr-x 5 http http 512 Jan 6 15:04 .
drwx------ 5 http http 512 Jan 6 14:59 ..
-rw-r----- 1 http http 9 Nov 12 12:32 .passwd
-rw------- 1 http http 1024 Nov 17 12:54 .rnd
-rw-r--r-- 1 http http 1192 Nov 12 12:16 CAcert.pem
-rw-r--r-- 1 http http 964 Nov 12 17:01 OTP.pem
-rw-r--r-- 1 http http 952 Nov 12 12:13 UnimacqCA.pem
drwxr-xr-x 2 http http 512 Jan 6 15:04 bjdean
-rw------- 1 http http 32768 Nov 12 17:04 cert7.db
-rw-r--r-- 1 http http 899 Nov 12 12:18 directory-devel.pem
drwxr-xr-x 2 http http 512 Nov 15 15:47 jenni
-rw------- 1 http http 32768 Nov 12 12:33 key3.db
-rw------- 1 http http 32768 Nov 12 12:33 secmod.db
drwxr-xr-x 2 http http 512 Jan 6 15:33 template
drwxr-xr-x 2 http http 512 Nov 12 16:47 terrence
[http@eclectic .netscape]$ cat .passwd
Fuckoff!!
[http@eclectic .netscape]$ less .rnd
".rnd" may be a binary file. See it anyway?
[http@eclectic .netscape]$ /servers/sun/directory52/shared/bin/certutil -L -d .
Certificate Name Trust Attributes
OTP Issue Script u,u,u
directory-devel.unimacq.edu.au P,,
Certificate Authority C,C,C
IPReg Certificate Issuer C,C,C
p Valid peer
P Trusted peer (implies p)
c Valid CA
T Trusted CA to issue client certs (implies c)
C Trusted CA to certs(only server certs for ssl) (implies c)
u User cert
w Send warning
[http@eclectic .netscape]$ /servers/sun/directory52/shared/bin/certutil -L -d . -n "OTP Issue Script"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3020 (0xbcc)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: OU=Certificate Authority, O=The University of Macquarie, C=AU
Validity:
Not Before: Sat Jun 12 00:58:06 2004
Not After: Sun Jun 12 00:58:06 2005
Subject: CN=OTP Issue Script, UID=OTPIssue, OU=Directory Administrators, O=The University of Macquarie, C=AU
...
Certificate Trust Flags:
SSL Flags:
User
Email Flags:
User
Object Signing Flags:
User
[http@eclectic .netscape]$ openssl x509 -text -in OTP.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3020 (0xbcc)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, OU=Certificate Authority
Validity
Not Before: Jun 12 00:58:06 2004 GMT
Not After : Jun 12 00:58:06 2005 GMT
Subject: C=AU, O=The University of Macquarie, OU=Directory Administrators/UID=OTPIssue, CN=OTP Issue Script
...
-----BEGIN CERTIFICATE-----
MIICnDCCAgWgAwIBAgICC8wwDQYJKoZIhvcNAQEEBQAwUzELMAkGA1UEBhMCQVUx
JDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9mIE1lbGJvdXJuZTEeMBwGA1UECxMV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA0MDYxMjAwNTgwNloXDTA1MDYxMjAw
NTgwNlowgYsxCzAJBgNVBAYTAkFVMSQwIgYDVQQKExtUaGUgVW5pdmVyc2l0eSBv
ZiBNZWxib3VybmUxITAfBgNVBAsTGERpcmVjdG9yeSBBZG1pbmlzdHJhdG9yczEY
MBYGCgmSJomT8ixkAQETCE9UUElzc3VlMRkwFwYDVQQDExBPVFAgSXNzdWUgU2Ny
aXB0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQD3sFzHzYWWnC4Qe9iXbEoA
LJbkpduvO53uOoRFlX+FaF9GoLMBExwPA+k0ZHLtiBEgQps4k+F0iSXde+Cz/dRw
IipTyCX7uwWp5CVDXJu0OIb0awQTVtOjnRg/BQWyRX6zH0D9BKn8lY5zfyB3UQQo
W/2Jgc/ALZrlZHz9a4YcMQIDAQABo0YwRDARBglghkgBhvhCAQEEBAMCBaAwDgYD
VR0PAQH/BAQDAgXgMB8GA1UdIwQYMBaAFLi38pO9FwmhX5ah+Jg7uXy69nFoMA0G
CSqGSIb3DQEBBAUAA4GBAAinR4bjtCDXOtds2eQjvAcqjTDOhjnYyOKlNPRfEsEB
Q9MVhmVOYglx7fh+qwNXBF++VmugfrpJrx5RZ9k1Zj2m9Zpm7IQg7EMM3qiexTDh
q7U4/7Z9nAD2C6ZJOAmzi+g5ZcZ4beIQugIhDh+dST98cQ4czbofTh9uhjDlXd2s
-----END CERTIFICATE-----
[http@eclectic .netscape]$ /servers/sun/directory52/shared/bin/certutil -L -d . -n "directory-devel.unimacq.edu.au"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3100 (0xc1c)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: OU=Certificate Authority, O=The University of Macquarie, C=AU
Validity:
Not Before: Tue Sep 28 08:51:49 2004
Not After: Thu Sep 28 08:51:49 2006
Subject: CN=directory-devel.unimacq.edu.au, O=The University of Macquarie, C=AU
...
Certificate Trust Flags:
SSL Flags:
Valid Peer
Trusted
Email Flags:
Object Signing Flags:
[http@eclectic .netscape]$ openssl x509 -text -in directory-devel.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3100 (0xc1c)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, OU=Certificate Authority
Validity
Not Before: Sep 28 08:51:49 2004 GMT
Not After : Sep 28 08:51:49 2006 GMT
Subject: C=AU, O=The University of Macquarie, CN=directory-devel.unimacq.edu.au
...
-----BEGIN CERTIFICATE-----
MIICbDCCAdWgAwIBAgICDBwwDQYJKoZIhvcNAQEEBQAwUzELMAkGA1UEBhMCQVUx
JDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9mIE1lbGJvdXJuZTEeMBwGA1UECxMV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTA0MDkyODA4NTE0OVoXDTA2MDkyODA4
NTE0OVowXDELMAkGA1UEBhMCQVUxJDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9m
IE1lbGJvdXJuZTEnMCUGA1UEAxMeZGlyZWN0b3J5LWRldmVsLnVuaW1lbGIuZWR1
LmF1MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuIvMn53gjgn8rMT1E/KqF
ONTwmN2dvmGee56bSVOBdh+pYvOyLvHZjWilxHrm4W4TNfmxgv2UbFDtlFvmispK
tYtTrkS5AaF3J1Pr0RrO3n1gpaW570efFsGjyk7WEA7dXvMXbgu3CVhUXB2o7pnl
Ad44ZzBJOmoMGJcq1WLiSQIDAQABo0YwRDARBglghkgBhvhCAQEEBAMCBkAwDgYD
VR0PAQH/BAQDAgTwMB8GA1UdIwQYMBaAFLi38pO9FwmhX5ah+Jg7uXy69nFoMA0G
CSqGSIb3DQEBBAUAA4GBAL8z5lcunuGt7W4nVjidOeb+18yq7R+QBvq36GBkAesw
TpV2fB+MUdLzOIqqcngCXdCg0wixj7Yd6jTBgLRSlM+6RAhRsp4f4zKbAJLp5O1s
UGRKLyJvrP3ktc8tRfD+n3nmLGoJyiNIzcplCXhnMzLrK1eJoinaHWQFjsYsdfmA
-----END CERTIFICATE-----
[http@eclectic .netscape]$ /servers/sun/directory52/shared/bin/certutil -L -d . -n "Certificate Authority"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2198 (0x896)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: OU=Certificate Authority, O=The University of Macquarie, C=AU
Validity:
Not Before: Tue Jun 04 14:00:00 2002
Not After: Thu Dec 30 14:00:00 2032
Subject: OU=Certificate Authority, O=The University of Macquarie, C=AU
...
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA
[http@eclectic .netscape]$ openssl x509 -text -in UnimacqCA.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2198 (0x896)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, OU=Certificate Authority
Validity
Not Before: Jun 4 14:00:00 2002 GMT
Not After : Dec 30 14:00:00 2032 GMT
Subject: C=AU, O=The University of Macquarie, OU=Certificate Authority
...
-----BEGIN CERTIFICATE-----
MIICkzCCAfygAwIBAgICCJYwDQYJKoZIhvcNAQEEBQAwUzELMAkGA1UEBhMCQVUx
JDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9mIE1lbGJvdXJuZTEeMBwGA1UECxMV
Q2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTAyMDYwNDE0MDAwMFoXDTMyMTIzMDE0
MDAwMFowUzELMAkGA1UEBhMCQVUxJDAiBgNVBAoTG1RoZSBVbml2ZXJzaXR5IG9m
IE1lbGJvdXJuZTEeMBwGA1UECxMVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MIGfMA0G
CSqGSIb3DQEBAQUAA4GNADCBiQKBgQDuPy1yB3VZoTWbjYdzlgBjPaicXYkXfjAi
Aeec7iKY9Sep9HVdIkKHw8MsF5F78536Tdv6Fw6Whxe/nqKC6U/ItC7+Zu8kjcic
PwGcpXBxmqcZHu+xeQ49OZH+pvY5KF1gnGYbGzdBN8M3qoCnnQlvTDWVLQHwwBxs
uhXWtLOSpQIDAQABo3YwdDARBglghkgBhvhCAQEEBAMCAAcwDwYDVR0TAQH/BAUw
AwEB/zAdBgNVHQ4EFgQUuLfyk70XCaFflqH4mDu5fLr2cWgwHwYDVR0jBBgwFoAU
uLfyk70XCaFflqH4mDu5fLr2cWgwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
BAUAA4GBACgH4zmpyEAcVamTcNcbd/he4X3lKjA8Y8ztAYCJgaYz9uXomDMzvJ9H
i7YR77pCqyiS0PHhT1AkXmvbnYp11I7XEb3+/U1dAQA3ckMAbX1ERVARs836UfRZ
SJpPEq5tksB8YlK65a/lfffDq4Wd/Mrt4O3XyOfWFHmsljVit318
-----END CERTIFICATE-----
[http@eclectic .netscape]$ /servers/sun/directory52/shared/bin/certutil -L -d . -n "IPReg Certificate Issuer"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: PKCS #1 MD5 With RSA Encryption
Issuer: E=siwc@xxxxxxxxxxxxxx, CN=IPReg Certificate Issuer, O=The University of Macquarie, C=AU
Validity:
Not Before: Tue May 21 01:08:54 2002
Not After: Sat May 15 01:08:54 2027
Subject: E=siwc@xxxxxxxxxxxxxx, CN=IPReg Certificate Issuer, O=The University of Macquarie, C=AU
...
Certificate Trust Flags:
SSL Flags:
Valid CA
Trusted CA
Email Flags:
Valid CA
Trusted CA
Object Signing Flags:
Valid CA
Trusted CA
[http@eclectic .netscape]$ openssl x509 -text -in CAcert.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 0 (0x0)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
Validity
Not Before: May 21 01:08:54 2002 GMT
Not After : May 15 01:08:54 2027 GMT
Subject: C=AU, O=The University of Macquarie, CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
...
-----BEGIN CERTIFICATE-----
MIIDQjCCAqugAwIBAgIBADANBgkqhkiG9w0BAQQFADB6MQswCQYDVQQGEwJBVTEk
MCIGA1UEChMbVGhlIFVuaXZlcnNpdHkgb2YgTWVsYm91cm5lMSEwHwYDVQQDExhJ
UFJlZyBDZXJ0aWZpY2F0ZSBJc3N1ZXIxIjAgBgkqhkiG9w0BCQEWE2N3aXNAdW5p
bWVsYi5lZHUuYXUwHhcNMDIwNTIxMDEwODU0WhcNMjcwNTE1MDEwODU0WjB6MQsw
CQYDVQQGEwJBVTEkMCIGA1UEChMbVGhlIFVuaXZlcnNpdHkgb2YgTWVsYm91cm5l
MSEwHwYDVQQDExhJUFJlZyBDZXJ0aWZpY2F0ZSBJc3N1ZXIxIjAgBgkqhkiG9w0B
CQEWE2N3aXNAdW5pbWVsYi5lZHUuYXUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJ
AoGBANOLoi+BzNAd0skrEg1Mrpige/RPge1AAXVuJV1RTljfC4RqFJ0YLOlf83G+
TFXEV9JpA0mlZ41WaYIxcv4NsqaYxSIqJwQ/kQLHNutnBniPBBfEpvpSZLuKlMOC
nn1lazTZJ3Qr4V0Y5QkQSLmOQv9JcdIkaa/MlH58+IuCTcopAgMBAAGjgdcwgdQw
HQYDVR0OBBYEFPeFx26htmwu1w55Ud9WBxihGSV0MIGkBgNVHSMEgZwwgZmAFPeF
x26htmwu1w55Ud9WBxihGSV0oX6kfDB6MQswCQYDVQQGEwJBVTEkMCIGA1UEChMb
VGhlIFVuaXZlcnNpdHkgb2YgTWVsYm91cm5lMSEwHwYDVQQDExhJUFJlZyBDZXJ0
aWZpY2F0ZSBJc3N1ZXIxIjAgBgkqhkiG9w0BCQEWE2N3aXNAdW5pbWVsYi5lZHUu
YXWCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQB7JuUdBFXXTAb+
UHb9a+gANg6oDgcNHyJ35rKCg839i/2/PPxsk2gOwIi6jet9JcUZsh0yJdkB3h8V
jkWEVEq7QP7tVzVKqKlotOio6Zyv184f5qwBIAP2xCLVr9kn6BTYWLs1Rf6eXeW0
LeNSltrX2Se8ZQG8W36edlG0EXLMAg==
-----END CERTIFICATE-----
"template" directory includes exact same cert7.db, key3.db and secmod.db files
except only directory-devel certificate in it:
[http@eclectic template]$ pwd
/export/home/http/.netscape/template
[http@eclectic template]$ ls -al
total 196
drwxr-xr-x 2 http http 512 Jan 6 15:35 .
drwxr-xr-x 6 http http 512 Jan 6 15:33 ..
-rw------- 1 http http 32768 Jan 6 15:36 cert7.db
-rw------- 1 http http 32768 Jan 6 15:35 key3.db
-rw------- 1 http http 32768 Jan 6 15:35 secmod.db
[http@eclectic template]$ certutil -L -d .
Certificate Name Trust Attributes
directory-devel.unimacq.edu.au P,,
p Valid peer
P Trusted peer (implies p)
c Valid CA
T Trusted CA to issue client certs (implies c)
C Trusted CA to certs(only server certs for ssl) (implies c)
u User cert
w Send warning
[http@eclectic bjdean]$ pwd
/export/home/http/.netscape/bjdean
[http@eclectic bjdean]$ cp ~http/.netscape/template/cert7.db .
[http@eclectic bjdean]$ cp ~http/.netscape/template/key3.db .
[http@eclectic bjdean]$ certutil -R -s "CN=Bradley John Dean, UID=bjdean, O=The University of Macquarie, C=AU" -p 47497 -o bjdean.req -d . -f ../.passwd -z ../.rnd
Generating key. This may take a few moments...
[http@eclectic bjdean]$ less bjdean.req
"bjdean.req" may be a binary file. See it anyway?
[http@eclectic bjdean]$ /servers/web/bin/openssl version
OpenSSL 0.9.7e 25 Oct 2004
Convert DER format certificate request to PEM format:
[http@eclectic bjdean]$ /servers/web/bin/openssl req -config /servers/web/openssl/openssl.cnf -inform DER -outform PEM -in bjdean.req -out bjdean.req.pem
[http@eclectic bjdean]$ openssl req -text -in bjdean.req.pem
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AU, O=The University of Macquarie/UID=bjdean, CN=Bradley John Dean
...
-----BEGIN CERTIFICATE REQUEST-----
MIIBpzCCARACAQAwZzELMAkGA1UEBhMCQVUxJDAiBgNVBAoTG1RoZSBVbml2ZXJz
aXR5IG9mIE1lbGJvdXJuZTEWMBQGCgmSJomT8ixkAQETBmJqZGVhbjEaMBgGA1UE
AxMRQnJhZGxleSBKb2huIERlYW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AKANJarH0t9vN7+MiLdFrcEwr5DF/S6DxfXvIBQ6nt43tBr/yee1hFRERDHmBU8H
KbnDYSUL57ndgbMS5K9/Z8lK9wkV2hPCrYTINn6cK4rSu7kHteQLcYq5HlDsdgWp
koMLs04V+OuFsjdP+t7r8TNdjLU8bm6T3WQjfOsBufcVAgMBAAGgADANBgkqhkiG
9w0BAQQFAAOBgQCEvsPoAfjLXX/VGv0JE6kkBDpkrt8HT5FJ5HcABpug+5xdugyy
zgtmO4PWgbVRVpAg0VnwTf4Te1A7AGt679repeTS8zovJuZ0dgytwt5zHlo28s6T
8ZKDNmPcOLtkwVa0vcSXvq2ZBNd556kV64Unlfr7ori9813pyt1dHN4k/g==
-----END CERTIFICATE REQUEST-----
[http@eclectic bjdean]$ /servers/web/bin/openssl ca -config /servers/web/openssl/openssl.cnf -in bjdean.req.pem -out bjdean.pem -passin file:../.passwd -batch
Using configuration from /servers/web/openssl/openssl.cnf
DEBUG[load_index]: unique_subject = "yes"
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 3 (0x3)
Validity
Not Before: Jan 6 05:11:46 2005 GMT
Not After : Jan 5 05:11:46 2010 GMT
Subject:
countryName = AU
organizationName = The University of Macquarie
commonName = Bradley John Dean
uid = bjdean
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
B2:89:75:18:23:12:39:60:FB:0C:FE:FB:69:89:34:4B:70:90:93:4E
X509v3 Authority Key Identifier:
keyid:F7:85:C7:6E:A1:B6:6C:2E:D7:0E:79:51:DF:56:07:18:A1:19:25:74
DirName:/C=AU/O=The University of Macquarie/CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
serial:00
Certificate is to be certified until Jan 5 05:11:46 2010 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
[http@eclectic bjdean]$ openssl x509 -text -in bjdean.pem
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=AU, O=The University of Macquarie, CN=IPReg Certificate Issuer/emailAddress=siwc@xxxxxxxxxxxxxx
Validity
Not Before: Jan 6 05:11:46 2005 GMT
Not After : Jan 5 05:11:46 2010 GMT
Subject: C=AU, O=The University of Macquarie, CN=Bradley John Dean/UID=bjdean
...
-----BEGIN CERTIFICATE-----
MIIDWzCCAsSgAwIBAgIBAzANBgkqhkiG9w0BAQQFADB6MQswCQYDVQQGEwJBVTEk
MCIGA1UEChMbVGhlIFVuaXZlcnNpdHkgb2YgTWVsYm91cm5lMSEwHwYDVQQDExhJ
UFJlZyBDZXJ0aWZpY2F0ZSBJc3N1ZXIxIjAgBgkqhkiG9w0BCQEWE2N3aXNAdW5p
bWVsYi5lZHUuYXUwHhcNMDUwMTA2MDUxMTQ2WhcNMTAwMTA1MDUxMTQ2WjBnMQsw
CQYDVQQGEwJBVTEkMCIGA1UEChMbVGhlIFVuaXZlcnNpdHkgb2YgTWVsYm91cm5l
MRowGAYDVQQDExFCcmFkbGV5IEpvaG4gRGVhbjEWMBQGCgmSJomT8ixkAQETBmJq
ZGVhbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAoA0lqsfS3283v4yIt0Wt
wTCvkMX9LoPF9e8gFDqe3je0Gv/J57WEVEREMeYFTwcpucNhJQvnud2BsxLkr39n
yUr3CRXaE8KthMg2fpwritK7uQe15AtxirkeUOx2BamSgwuzThX464WyN0/63uvx
M12MtTxubpPdZCN86wG59xUCAwEAAaOCAQIwgf8wCQYDVR0TBAIwADAsBglghkgB
hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE
FLKJdRgjEjlg+wz++2mJNEtwkJNOMIGkBgNVHSMEgZwwgZmAFPeFx26htmwu1w55
Ud9WBxihGSV0oX6kfDB6MQswCQYDVQQGEwJBVTEkMCIGA1UEChMbVGhlIFVuaXZl
cnNpdHkgb2YgTWVsYm91cm5lMSEwHwYDVQQDExhJUFJlZyBDZXJ0aWZpY2F0ZSBJ
c3N1ZXIxIjAgBgkqhkiG9w0BCQEWE2N3aXNAdW5pbWVsYi5lZHUuYXWCAQAwDQYJ
KoZIhvcNAQEEBQADgYEAA3nUHCnRaJichITwlsgRJMgDAd5TjnF94hakmKw7fVE2
wPJFyRrjXBGpbAT2HZXbSQf+2VdLDPjt8KtxYKuhXDA3U00AnWDDoiX5NuHx39s2
Dco7ZnEpdZeWJJMNFG/2+PfcDO7Sh5GONNx+V1tDRo5G2Rj4zxMr6DhFVWcj79s=
-----END CERTIFICATE-----
Convert PEM format certificate into DER format:
[http@eclectic bjdean]$ /servers/web/bin/openssl x509 -inform PEM -outform DER -in bjdean.pem -out bjdean.crt
[http@eclectic bjdean]$ certutil -A -n bjdean -t "u,u,u" -i bjdean.crt -d . -f ../.passwd
[http@eclectic bjdean]$ certutil -L -d .
Certificate Name Trust Attributes
bjdean u,u,u
directory-devel.unimacq.edu.au P,,
p Valid peer
P Trusted peer (implies p)
c Valid CA
T Trusted CA to issue client certs (implies c)
C Trusted CA to certs(only server certs for ssl) (implies c)
u User cert
w Send warning
User "bjdean" can login on IPReg now.
|