the two .pem's...
|
Mar. 18, 2012, 07:23 PM
Post: #1
|
|||
|
|||
the two .pem's...
is it possible to get an updated "how to" so that users can "roll their own" as far as the two *.pem files go?
i have tried and tried, then tried and tried, and then tried and tried yet again to "roll my own"... used everything from 98 FIRST edition to 98 SECOND edition to XP to Vista - NONE of the "rolled" .pem's have "worked"... at least not the 'certs.pem', the 'proxcert.pem' "seems to" be just fine (not that i really know "how" to test it independently of 'certs.pem')... |
|||
Mar. 19, 2012, 12:57 AM
Post: #2
|
|||
|
|||
RE: the two .pem's...
Upload a couple of the 'certs.pem' files. I'll see if I can see what is wrong.
I'm assuming that you used the instructions and files in 'make-certspem.zip', http://prxbx.com/forums/showthread.php?t...6#pid15196 . |
|||
Mar. 19, 2012, 01:18 AM
(This post was last modified: Mar. 19, 2012 01:20 AM by ProxRocks.)
Post: #3
|
|||
|
|||
RE: the two .pem's...
yes, those instructions to-a-T...
have used Notepad, WordPad, Notepad++, Notepad2, and MetaPad... have used WinXP, Vista, Win98, and Win98SE... have even deleted the "expired" ones (which the instructions "to-a-T" would suggest leaving the expired ones in)... have checked the "include all in path" checkbox (an option when exporting as .p7b), have also left it unchecked... can only upload ONE (Win98SE & WordPad)... it's shear luck that this one hasn't been deleted yet (why keep 'em around if they don't work?)... much appreciated, i really want to be able to roll these myself... and perhaps even learn how to edit them for sites such as RapidShare - wink, wink... |
|||
Mar. 19, 2012, 02:12 AM
Post: #4
|
|||
|
|||
RE: the two .pem's...
I'm assuming that nag screens mean it doesn't work.
(Mar. 19, 2012 01:18 AM)ProxRocks Wrote: yes, those instructions to-a-T... Are you sure that you only exported those certificates used for "Server Authentication"? I don't remember some of these. Quote:* Under the control panel go to... (Mar. 19, 2012 01:18 AM)ProxRocks Wrote: have even deleted the "expired" ones (which the instructions "to-a-T" would suggest leaving the expired ones in)... Expired certs can be necessary. They may be needed for things that were signed before they expired. (Mar. 19, 2012 01:18 AM)ProxRocks Wrote: much appreciated, i really want to be able to roll these myself... This editing is little more than trial and error. If a new 'certs.pem' throws an error where the old one didn't, I remove new certs from the new 'certs.pem' until the problem cert is found. |
|||
Mar. 19, 2012, 02:26 AM
Post: #5
|
|||
|
|||
RE: the two .pem's...
(Mar. 19, 2012 02:12 AM)JJoe Wrote: I'm assuming that nag screens mean it doesn't work. server authentication - POSITIVE advanced purposes - 99% positive for MOST of the "roll attempts", but no, i did forget that step in the attched win98se attempt... nag screen - HADES YES, if their is a nag-crap-piece-of-shinola, then it DOES NOT WORK |
|||
Mar. 19, 2012, 03:17 AM
Post: #6
|
|||
|
|||
RE: the two .pem's... | |||
Mar. 19, 2012, 01:44 PM
Post: #7
|
|||
|
|||
RE: the two .pem's...
i've rolled another, paying closer attention to the instructions, lol...
(after rolling DOZENS of them, i actually thought i had the process "memorized", but yeah, i did miss ONE step...) BUT this one "nag screens" at http://https-px-.secure.ingdirect.com/my...splayLogin whereas your posted certs.pem does not - so i'm still "missing something"... do you see anything 'wrong' with the attached? |
|||
Mar. 19, 2012, 03:58 PM
Post: #8
|
|||
|
|||
RE: the two .pem's...
(Mar. 19, 2012 01:44 PM)ProxRocks Wrote: do you see anything 'wrong' with the attached? What happens after you remove Code: subject=/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root ? HTH |
|||
Mar. 19, 2012, 04:55 PM
Post: #9
|
|||
|
|||
RE: the two .pem's...
Eureka! That did the trick!
Fairly limited testing, but so far so good... (not with RapidShare, not to beat that dead horse, lol...) How did you know to remove that one? I'm also noticing that my rolled certs.pem is 416 KB whereas the publicly posted update dated 1/2/2012 is 560 KB - does this indicate that I'm still "missing" something? |
|||
Mar. 19, 2012, 09:52 PM
(This post was last modified: Mar. 19, 2012 09:53 PM by JJoe.)
Post: #10
|
|||
|
|||
RE: the two .pem's...
(Mar. 19, 2012 04:55 PM)ProxRocks Wrote: How did you know to remove that one? I've been removing it from my 'certs.pem' files. Found it by one slightly educated guess. (Mar. 19, 2012 04:55 PM)ProxRocks Wrote: I'm also noticing that my rolled certs.pem is 416 KB whereas the publicly posted update dated 1/2/2012 is 560 KB - does this indicate that I'm still "missing" something? You have fewer certs. Probably best to use a file comparison program to see the details. |
|||
Mar. 19, 2012, 10:44 PM
Post: #11
|
|||
|
|||
RE: the two .pem's...
did you intentionally add cert's that "windows" didn't fetch on its own?
|
|||
Mar. 19, 2012, 10:58 PM
Post: #12
|
|||
|
|||
RE: the two .pem's...
(Mar. 19, 2012 10:44 PM)ProxRocks Wrote: did you intentionally add cert's that "windows" didn't fetch on its own? No. However, I would add Code: subject=/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority if not already present. HTH |
|||
Mar. 20, 2012, 12:43 AM
Post: #13
|
|||
|
|||
RE: the two .pem's...
already added, that's why i'm surprised we have different file sizes...
haven't "compared" the two side-by-side yet, just going by file size... i'd be more "confident" if there was a ".crl" file that could be downloaded from Microsoft (gasp!) or VeriSign or whoever the biggies in the .crl-world are and that there was a way to convert those to .pem... but i'm totally clueless and don't know if that's just totally too far "out there"... |
|||
Mar. 20, 2012, 01:51 AM
(This post was last modified: Mar. 20, 2012 01:53 AM by JJoe.)
Post: #14
|
|||
|
|||
RE: the two .pem's...
I don't think there is a 'complete' store of certificates. You start with some and add or remove as needed.
For Windows XP SP3, you can find and install the latest "rootsupd.exe", http://www.microsoft.com/download/en/details.aspx?id=28965 . I used Windows Update to get a current store before I extracted the certs. |
|||
Mar. 20, 2012, 11:06 AM
Post: #15
|
|||
|
|||
RE: the two .pem's...
will give that a try...
initial observation is that rootsupd.exe is dated 2/27/2012 whereas the posted certs.pem is dated 1/2/2012... seems worthy to note in that the RapidShare nag-screen-piece-of-shi-er-um-crap started sometime BETWEEN those two dates (not sure if that's "significant" or not)... |
|||
« Next Oldest | Next Newest »
|