SCTs Help
101 views
Skip to first unread message
home pc
Mar 14, 2018, 11:28:15 AM3/14/18
to certificate-transparency
Hi Everyone's
Can we attach / add 2 or 3 scts in certificate??
How.....??
Salz, Rich
Mar 14, 2018, 12:29:46 PM3/14/18
to certificate-...@googlegroups.com
No. Only the CA can put things in the certificate and then sign or re-sign it.
What you can do is send SCT’s in the TLS handshake extensions.
home pc
Mar 17, 2018, 8:09:16 AM3/17/18
to certificate-transparency
thnx, but
I mean that....I am trying to add my own sct and google pilot sct....how?
Salz, Rich
Mar 17, 2018, 9:27:01 AM3/17/18
to certificate-...@googlegroups.com
Only the CA who signed the certificate can add things to the certificate.
home pc
Mar 17, 2018, 1:51:54 PM3/17/18
to certificate-transparency
I have my own Certificate Authority (CA)
home pc
Mar 17, 2018, 1:52:37 PM3/17/18
to certificate-transparency
Thnx but....I have my own Certificate Authority (CA).
Salz, Rich
Mar 17, 2018, 3:10:03 PM3/17/18
to certificate-...@googlegroups.com
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
Pierre Phaneuf
Mar 19, 2018, 9:36:07 AM3/19/18
to certificate-transparency
What software are you using to generate/sign those certificates?
To embed SCTs, you'll need support in your software for generating pre-certificates (which aren't certificates, but just the content of what will be signed, with a special "poison" extension, to make sure they never get interpreted as a certificate), and submit those using the "add-pre-chain" API. Then you can give back the SCTs you obtained to your software to embed them in the certificate, and only *then* sign the certificate.
How to do this would really depend on what exact software you're using?
On Sat, Mar 17, 2018 at 7:10 PM 'Salz, Rich' via certificate-transparency <certificate-...@googlegroups.com> wrote:
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/7943DB79-6B2A-4477-81F8-778B73DB2A12%40akamai.com.
For more options, visit https://groups.google.com/d/optout.
Message has been deleted
Message has been deleted
Message has been deleted
home pc
Mar 20, 2018, 6:06:40 PM3/20/18
to certificate-transparency
1. I am using Google Certificate Transparency to generate SCTs.
2. I am using OpenSSL / LibreSSL to generate CA(Certificate Authority), IA(Intermediate Certificate) and Client/Server Certificate.On Monday, March 19, 2018 at 7:06:07 PM UTC+5:30, Pierre Phaneuf wrote:
What software are you using to generate/sign those certificates?To embed SCTs, you'll need support in your software for generating pre-certificates (which aren't certificates, but just the content of what will be signed, with a special "poison" extension, to make sure they never get interpreted as a certificate), and submit those using the "add-pre-chain" API. Then you can give back the SCTs you obtained to your software to embed them in the certificate, and only *then* sign the certificate.How to do this would really depend on what exact software you're using?
On Sat, Mar 17, 2018 at 7:10 PM 'Salz, Rich' via certificate-transparency <certificate-...@googlegroups.com> wrote:
--
So then what you are asking is how to use the software that you have, to add those things to the certs you generate.
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
home pc
Mar 20, 2018, 6:07:11 PM3/20/18
to certificate-transparency
Reply all
Reply to author
Forward
0 new messages