[rs-commit] r269 - /rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5
rs-commit at redwax.eu
Sun Feb 9 23:31:05 CET 2020
Author: minfrin at redwax.eu
Date: Sun Feb 9 23:31:03 2020
New Revision: 269
Log:
Move paragraphs into the content div.
Modified:
rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5
Modified: rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5
==============================================================================
--- rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5 (original)
+++ rs-manual/trunk/src/site/xhtml5/mod/mod_timestamp.xhtml5 Sun Feb 9 23:31:03 2020
@@ -237,36 +237,36 @@
</IfModule>
]]></code>
</pre>
- </div>
- <p>Client implementations for RFC3160 can be found for most languages; and some applications have these build in (in that case -the URI to enter for the above examples would be <code>https://fqdn.com/timestamp</code>.</p>
- <p> It is also possible to use OpenSSL its build in <code>ts</code> utility; an example is show below; where a file caled <code>my-novel.doc</code> is timestamped (any binary file will do).</p>
- <ol>
- <li> First create a signing request for the file. What actually gets signed is the SHA256 (specified by the <code>-cert</code> flag).
-
- <pre><code><![CDATA[
+ <p>Client implementations for RFC3160 can be found for most languages; and some applications have these build in (in that case -the URI to enter for the above examples would be <code>https://fqdn.com/timestamp</code>.</p>
+ <p> It is also possible to use OpenSSL its build in <code>ts</code> utility; an example is show below; where a file caled <code>my-novel.doc</code> is timestamped (any binary file will do).</p>
+ <ol>
+ <li> First create a signing request for the file. What actually gets signed is the SHA256 (specified by the <code>-cert</code> flag).
+
+ <pre><code><![CDATA[
openssl ts -query -data my-novel.doc -cert -sha256 -no_nonce -out request.tsq
]]></code></pre></li>
- <li> Then offer this to the signing server (assumed here to run localhost); as an HTTP POST request with the right content type. The reply is signed receipt (in binary, DER, format).
- <pre><code><![CDATA[
+ <li> Then offer this to the signing server (assumed here to run localhost); as an HTTP POST request with the right content type. The reply is signed receipt (in binary, DER, format).
+ <pre><code><![CDATA[
curl -H Content-type:application/timestamp-query --data-binary @request.tsq http://127.0.0.1/timestamp > reply.tsq
]]></code></pre></li>
- <li> You can now dump the content of this reply;
- <pre><code><![CDATA[
+ <li> You can now dump the content of this reply;
+ <pre><code><![CDATA[
openssl ts -reply -text -in reply.tsq
openssl asn1parse -inform DER -in reply.tsq
]]></code></pre>
- <p>or, better, verify it against the timestamp certificate (or, with the chain, against any of the higher CA certificates as the root):</p>
-
- <pre><code><![CDATA[
+ <p>or, better, verify it against the timestamp certificate (or, with the chain, against any of the higher CA certificates as the root):</p>
+
+ <pre><code><![CDATA[
openssl ts -verify -in reqply.tsq -data my-novel.doc -CAfile /etc/pki/ssl/timestamp.cert
]]></code></pre>
- <p>Note: As we dit not set a 'nonce' in step 1 - we did not get one back (which you can use to verify against the one in the request). And in this particular case - we get a random `serial' number set by the time server (As we set <code>CASimpleSerialRandom</code> to <code>on</code> in the servr configuration).</p>
-
- <p>In this case - we simply use the certificate set in the configuration file of the signing timeserver (by <code>TimestampSigningCertificate</code>) to verify. So we have no chain issues.</p>
- </li>
- </ol>
+ <p>Note: As we dit not set a 'nonce' in step 1 - we did not get one back (which you can use to verify against the one in the request). And in this particular case - we get a random `serial' number set by the time server (As we set <code>CASimpleSerialRandom</code> to <code>on</code> in the servr configuration).</p>
+
+ <p>In this case - we simply use the certificate set in the configuration file of the signing timeserver (by <code>TimestampSigningCertificate</code>) to verify. So we have no chain issues.</p>
+ </li>
+ </ol>
+ </div>
</section>
</div>
</div>
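Review bot: the verify command carried over in step 3 reads `-in reqply.tsq`, while the curl step writes `reply.tsq`, so the documented verification fails on a missing file; since these paragraphs are being re-indented anyway, fix the filename in the same commit (a `.tsr` extension for the response would also keep it distinct from `request.tsq`). In step 1 the text says the SHA256 digest is "specified by the `-cert` flag", but in the command shown the digest is selected by `-sha256`; `-cert` asks the server to include its signing certificate in the reply. The first moved paragraph cites RFC3160, whereas the Time-Stamp Protocol is RFC 3161, and it contains a stray `-the` and an opening parenthesis that is never closed. The example passes `-no_nonce` and the note then explains that no nonce comes back; it would help to say there that keeping the nonce lets the client check the reply against its own request, as the note already hints. Remaining typos in the moved lines: "build in", "show", "caled", "dit", "servr".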