Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I know how to create a regular X.509 certificate in OpenSSL, but I was wondering what fields I should type in order to correspond with a certificate created from thawte.com Freemail service. Specifically, Thawte has a "USA National Identification" and "National Identity Type". Do these go into the certificate, and if so, how would I put them in a certificate created by OpenSSL?
In short, I want to create a certificate in OpenSSL that is identical to Thawte's Freemail certificates, just with the CA being me, and not Thawte.
If I got it wrong I hope someone corrects me soon but in short: I wouldn't know how to. Thawte states nfo supplied in the "USA National Identification" field is used for their "Web of Trust". I've no need to crack their marketing lingo, but I'd say this is Thawte specific value-added stuff. If the RFC doesn't provide ways to add custom fields/data w/o breaking the standard, then it can't be a part of the cert's data w/o violating the std (not that many companies can't be arsed with keeping up stds anyway when they smell profit). There even is a small chance this could backfire, because if you seek to tweak certs until they look like Thawte certs, (and if you somehow manage to include that Thawte info) then it could be taken as trying to deceive people. Of course they should notice the CA is wonky unless you import the CA first, but nonetheless.
Distribution: FreeBSD,Debian, RH, ok well most of em...
"snake oil" is a reference to an old scheme where travelling salesmen would roll into a town and try to sell a special "medicine" that would cure whatever the salesmen decided was a good seller. All that was really in the bottle was snake oil. Basically a scam.
As for the cert.....Thawte are x.509 compliant which means all the sub OU's for Thawte specific info is useless. May be helpful if you are creating trusted Domains and maybe need to know which domain is which. Or possibly Thawte has a an expensive tool that you can buy that uses this extra info.