I am having problems in aquiring a CA request can you help me? Are thier any
documentation on how to use openssl to request a Digital ID for Apache on
SUN SOLARIS 2.7 platform. After I create a private.key I request the CA
request.csr and then when I recieved the Digital ID from Verisign I do not
> From: Erwann ABALEA [mailto:[EMAIL PROTECTED]]
> On Fri, 12 Jan 2001, David Lang wrote:
> > [getting rid of reply-to mangling would reduce mail looping]
> And a lot of users would be forced to rewrite the destinator of each
> email, since the sender is not [EMAIL PROTECTED] I think it's
> an
Can someone on this list provide instructions
on converting a cert (i.e. myfoobar.pem) into
PKCS12 format? This is necessary in order
to import keys within Netscape.
Thanks.
- Wally Winzer Jr.
__
OpenSSL Project
Dear Crypt::CBC maintainers,
Following this email, we found another incompatibility.
In order for Crypt::CBC to be compatible with openssl CBC when using the
*blowfish* algorithm, we also found it necessary to set the keysize to 16
bytes. However, because we wanted to maintain backward compatib
Can someone provide an example of the -verify depth option
for s_client. I'm trying to verify the cert/key and don't know
what arg for the depth to use. This is what I have so far:
openssl s_client -connect localhost:993 -verify
Thanks.
- Wally Winzer Jr.
___
Hi all!
Suppose you have an encrypted private key in a file. Does OpenSSL
provide any ways to handle that key _without_ decrypting it? I want to
read the raw key data, store it somewhere and then, later, use it and
_then_ ask the user for the password to decrypt.
TIA,
Peter
--
Peter 'Luna' Runes
I think I understand this. What it looks like to me is that IE gets a
pointer to a revocation list and checks the cert against it.
Unfortunately on NT or 98, if you don't have this checked and IE gets a
pointer to a revocation list, it fails. If it is checked, it appears to
just check the list
openssl-0.9.6-stable-SNAP-20010111 compiled fine, I'll start using it now in
my app unless there's any reason I shouldn't. Here's the errors from
openssl-SNAP-20010110, which I also tried:
--- CUT ---
bcc32 -otmp32\sha_one.obj -Iinc32 -Itmp32 -DWIN32_LEAN_AND_MEAN -q -w-aus -w
-par -w-i
OK, I understand how V2 backwards compatibility
works - clients send a V2-style ClientHello with
a version of 3.0 or 3.1. (It's a seriously ugly
aberration, too, but let's not go there right now.)
I saw in Appendix E that "Requests to resume an
SSL 3.0 session should use an SSL 3.0 client hello
IE will first try to make a connection, go through the handshake, then CLOSE
the connection if it detects a problem with the certificate (or if the
server asks the client to authenticate). It then prompts the user for the ok
to go ahead (or prompts the user to choose a certificate to authenticate
Wait a minute! I just tried the server revocation suggestion, and it
seems to work. I guess I owe you an apology for a hasty reply.
Here is what I don't understand
Why is this causing trouble if the cert is not expired?
How can I fix this from the server side without requiring that all the
s
Actually, IE does get through the handshake. There is a name conflict
because we are going direct to a machine rather than going through a
global load balancer.
When there is a cert name conflict, IE warns you and will happily
continue if you direct it to. Remember I said it gets through the
ha
Hello,
I'm trying to locate a *complete* ASN.1 specification for PKCS7. The RSA
website has posted a file called pkcs7.asn that is incomplete (many of the
ASN.1 objects are left blank). Our goal is to use the cryptix library in
our software, but to use the PKCS7 data structures we need to gener
Are you using an SGC certificate? If so and the address you're using in the
browser doesn't match that in the certificate then IE will do exactly what
you've described. Recent versions let you work around it by checking "Check
for server certificate revocation" in the advanced security settings.
Hey all. This is a problem I have been trying to solve for some time.
Please read carefully, because as far as I can tell, some of these
details seem to contradict others. I am only bothering you with it
because I have no more ideas.
We are using an Intel appliance for server side SSL session
Andrew,
Ha, that's a good one. Seriously, I'd imagine they might be reluctant to
issue it because the DN would not be unique. Does Verisign / Thawte insist
on unique DN's? I would think they'd have to. That's what the D in DN is all
about, right? You could add other unique information to the
>It was fixed by
>our postmaster as soon as we were made aware of the situation.
NOT true. I did send a message on January 10th 2001 23:25 +01.00 to
[EMAIL PROTECTED] with the kind request to solve this problem.
After 24 hours we all still got the Novell message from the list.
I don't conside
17 matches
Mail list logo
