Join the revolution - StartCom Linux  
Join the revolution - StartCom Linux

Official StartCom Public User Forum

 FAQ FAQ   View the advanced search options Advanced search   Members Members   Groups Groups  Register Register 
 User Control Panel User Control Panel       Login Login 
 


Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: Some questions about certs
PostPosted: Thu Dec 31, 2009 6:21 pm 
Offline

Joined: Fri Jan 25, 2008 3:09 pm
Posts: 12
Hiya, I have some questions that have cropped up as I've come round to renew my domain certificates.

1) Although the cert works as an SSL cert, the 'Organiztion' name displayed for my certificates has gone from being the domain name itself to 'Persona Not Validated'. Is this a policy change by StartSSL, or have I done something differently this time?

2) Why is the .crt file at http://www.startssl.com/certs/ca-bundle.crt apparently unencrypted and readable in a text editor, but the crt file at eg. http://www.startssl.com/certs/sub.class1.client.ca.crt apparently encrypted?

3) CA bundles. This is a confusing topic. Essentially, as I understand it, they are a bunch of certs, just copy/pasted together in one file. However, I have discovered a couple of different StartSSL CA bundle files that I had stored (and was using) on my server. One seems to have lots of (useful?) descriptive information above each cert, and the other just has the certs. Here are the two:
http://www.game-point.net/misc/startcom1.cabundle.txt
http://www.game-point.net/misc/startcom2.cabundle.txt

Now, your latest version of the StartCom CA bundle at http://www.startssl.com/certs/ca-bundle.crt seems to be a lot more similar to the startcom2 CA bundle I had lying around. Where would I have got hold of the nicer (to the human eye, anyway) startcom1 one?


Top
 Profile E-mail  
 
 Post subject: Re: Some questions about certs
PostPosted: Fri Jan 01, 2010 5:01 am 
Offline

Joined: Mon Oct 04, 2004 11:41 am
Posts: 712
Location: Israel
jez9999 wrote:
Hiya, I have some questions that have cropped up as I've come round to renew my domain certificates.

1) Although the cert works as an SSL cert, the 'Organiztion' name displayed for my certificates has gone from being the domain name itself to 'Persona Not Validated'. Is this a policy change by StartSSL, or have I done something differently this time?


Yes.

jez9999 wrote:
2) Why is the .crt file at http://www.startssl.com/certs/ca-bundle.crt apparently unencrypted and readable in a text editor, but the crt file at eg. http://www.startssl.com/certs/sub.class1.client.ca.crt apparently encrypted?


It's not encrypted, it has a different encoding. For historical reasons the CA Bundle has been kept in PEM format, whereas the certificates are either DER encoded (.crt) or PEM encoded (.pem).

jez9999 wrote:
3) CA bundles. This is a confusing topic. Essentially, as I understand it, they are a bunch of certs, just copy/pasted together in one file. However, I have discovered a couple of different StartSSL CA bundle files that I had stored (and was using) on my server. One seems to have lots of (useful?) descriptive information above each cert, and the other just has the certs. Here are the two:
http://www.game-point.net/misc/startcom1.cabundle.txt
http://www.game-point.net/misc/startcom2.cabundle.txt

Now, your latest version of the StartCom CA bundle at http://www.startssl.com/certs/ca-bundle.crt seems to be a lot more similar to the startcom2 CA bundle I had lying around. Where would I have got hold of the nicer (to the human eye, anyway) startcom1 one?


The former bundle is from our old CA root and not in use anymore. The later is from the current CA root and is kept in a compacter form. You can use OpenSSL to display the content nicely:

Code:
openssl x509 -text -noout -in ca-bundle.crt


Top
 Profile E-mail  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC + 2 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron