<heingray@gmail.com> wrote in message
news:1151887684.962681.123840@h44g2000cwa.googlegroups.com...
> How can i classify it?
>
> Every cert not rejected when i signing with openssl even if
> that does not work.
>
> I found simple solution of it. just click the lock icon, export
> current level cert to file and click the exported file.
>
> You will meet some kind of error (usually root ca doesn't show up)
> or valid one but almost expired.
>
> Try https://verisign.com
>
> However, i cannot classify OID that you said.
>
> Could you help me to find out that?
>
> Thanks in advance.
>
> Ken Schaefer wrote:
>> What are the OIDs for the certificate for "www.yourdomain.com"?
>>
>> Surely it can only be used for Server Authentication (and similar), not
>> for
>> signing other certificates?
>>
>> Cheers
>> Ken
>>
>> <heingray@gmail.com> wrote in message
>> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
>> >I tryed it until yesterday.
>> >
>> > I think i'm almost succeed.
>> >
>> > it's so easy. set openssl SSLCACertificateFile to verisign's one.
>> >
>> > cert tree appear to follow.
>> >
>> > VeriSign Class 3 Public Primary CA
>> > |
>> > ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
>> > |
>> > ----->www.yourdomain.com
>> > |
>> > -----> NewOne.com
>> >
>> > But, the file www.yourdomain.com contain expired cert (CPS
>> > incorp..blah)
>> >
>> > I think it's some kind of 'prevention' of verisign.
>> >
>> > so, I try to export many site's cert. and i knew some site's cert is
>> > contain
>> >
>> > valid cert.
>> >
>> > therefore, somebody know the site that sold valid cert?
>> >
>

Ken Schaefer wrote:
> The purposes that a certificate can be used for are determined by the
> issuing CA. If a certificate is issued for server-authentication, you can't
> use it for other purposes. The OIDs for a certificate are available via the
> Certificate Manager MMC snapin (Start -> Run -> certmgr.msc)
>
> Cheers
> Ken
>
> <heingray@gmail.com> wrote in message
> news:1151887684.962681.123840@h44g2000cwa.googlegroups.com...
> > How can i classify it?
> >
> > Every cert not rejected when i signing with openssl even if
> > that does not work.
> >
> > I found simple solution of it. just click the lock icon, export
> > current level cert to file and click the exported file.
> >
> > You will meet some kind of error (usually root ca doesn't show up)
> > or valid one but almost expired.
> >
> > Try https://verisign.com
> >
> > However, i cannot classify OID that you said.
> >
> > Could you help me to find out that?
> >
> > Thanks in advance.
> >
> > Ken Schaefer wrote:
> >> What are the OIDs for the certificate for "www.yourdomain.com"?
> >>
> >> Surely it can only be used for Server Authentication (and similar), not
> >> for
> >> signing other certificates?
> >>
> >> Cheers
> >> Ken
> >>
> >> <heingray@gmail.com> wrote in message
> >> news:1151652967.013632.16900@b68g2000cwa.googlegroups.com...
> >> >I tryed it until yesterday.
> >> >
> >> > I think i'm almost succeed.
> >> >
> >> > it's so easy. set openssl SSLCACertificateFile to verisign's one.
> >> >
> >> > cert tree appear to follow.
> >> >
> >> > VeriSign Class 3 Public Primary CA
> >> > |
> >> > ---> www.verisign.com/CPS incorp.by Ref. LIABILITY LTD. (c)97 VeriSign
> >> > |
> >> > ----->www.yourdomain.com
> >> > |
> >> > -----> NewOne.com
> >> >
> >> > But, the file www.yourdomain.com contain expired cert (CPS
> >> > incorp..blah)
> >> >
> >> > I think it's some kind of 'prevention' of verisign.
> >> >
> >> > so, I try to export many site's cert. and i knew some site's cert is
> >> > contain
> >> >
> >> > valid cert.
> >> >
> >> > therefore, somebody know the site that sold valid cert?
> >> >
> >