Title: Message
Hi,
I am
generating client certificates using this method at the openssl
server:
openssl genrsa -des3 -out user.key
1024
openssl req -new -config openssl.cnf -key user.key -out
user.csr
openssl ca -config openssl.cnf -cert
CA.pem -in user.csr -keyfile CA.key -out
user.crt
Dear sirs,
I would like to know how to upgrade my old version of openssl to the newest one.
your help will be great appricated!!
Best regards,
Paul Lam
--
__
Your favorite stores, helpful shopping tools and great gift ideas. E
Title: Mail
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Richard Hassinger <[EMAIL PROTECTED]> writes:
> I have used SSLava before and it is capable, but it
> was only needed because it was a browser applet and we
> had a Java 1.1 target. If you're using Java 2 then
> JSSE is the way to go.
The major problem with JSSE is that it isn't Open Source.
You a
I have used SSLava before and it is capable, but it
was only needed because it was a browser applet and we
had a Java 1.1 target. If you're using Java 2 then
JSSE is the way to go.
--- Tat Sing Kong <[EMAIL PROTECTED]> wrote:
>
> I'm sure I heard of one a while back called SSLava
> or something,
Title: Mail
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Title: Mail
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Jeff Schiller ([EMAIL PROTECTED]) is the IETF Security Area co-director. The
SAAG is the Security Area Advisory Group.
I wrote to him and said:
> I thought I recalled that the IETF says "avoid MD5 use SHA-1" but a
> Google search for that dictum turns up too much chaff.
His reply, quoted with p
Eric Rescorla wrote:
> The attack you describe: creating a document with a SPECIFIC digest,
> is 2^n hard ...
Eric is of course correct.
__
OpenSSL Project http://www.openssl.org
User Support Mail
On Thu, 6 Dec 2001, Rich Salz wrote:
rsalz> So the ability to trust your certificate depends on the ability to
rsalz> trust DNS.
rsalz>
rsalz> It's like building a castle on a foundation of sand.
Well, you surely have a point here.
If you replicate my site and fake my dns zone t
On Thu, 6 Dec 2001, Erwann ABALEA wrote:
eabale> I didn't say that it was technically impossible to do, but that
eabale> it was a bad way to make it automatic... The end user should
eabale> manually trust your CA, and he should understand what he's doing,
eabale> except if you want them to behave
You need an "out of band" mechanism.
Handing someone paper with the fingerprint is good.
--
Zolera Systems, Your Key to Online Integrity
Securing Web services: XML, SOAP, Dig-sig, Encryption
http://www.zolera.com
__
OpenSSL Pro
http://www.ciphersbyritter.com/NETLINKS.HTM#RandomnessLinks
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager
Title: Problem reading public file
I am going to
be generating a series of around 1000 random numbers using OpenSSL. .Do I set
the seed just once or multiple times or even once for each random number I
generate. What is the theory behind this? Any pointer to information sources on
ra
Hi,
If it is the first certificate you are trying to create
except for the CA Cert, then change the value "02" to "01"
As it your first user's certif.
Ciao!
Oliver Jaeckel wrote:
>
> Hi folks! I am LOST!
>
> For signing a cert request, I entered:
> openssl ca -name Server_CA -keyfile /usr/ssl
Hi folks! I am LOST!
For signing a cert request, I entered:
openssl ca -name Server_CA -keyfile /usr/ssl/PCA/private/CAkey.pem -in
requests/therequest.txt -days 365
Openssl writes:
Using configuration from /usr/share/ssl/openssl.cnf
Enter PEM pass phrase:
I enter passphrase and get an error:
e
0.9.6-engine supports CryptoSwift as well as nCipher, Atalla, and software.
0.9.7 folds the engine code into the main branch, reorganizes it, and adds a
couple more engines.
Lynn Gazis
Rainbow Technologies
-Original Message-
From: Andy Schneider [mailto:[EMAIL PROTECTED]]
Sent: Friday, D
Hi list,
Are ReasonCode & CRLReason CRL EXTensions implemented
in openssl-0.9.6b?
idem with:
cRLNumber, deltaCRLIndicator,
If someone have a patch for that, it would be
kindy to share it.
Regards
--
# .- ...- . .-. .-. --- . ... .- .-.-.- .- -.-- ... .-
# Averroes A. Aysha
# T
AFAIK OpenSSL 0.9.7 is going to have pluggable cryptographic service
providers (engines). 0.9.6 doesn't have this (it's all software) but
0.9.6-engine does. You can therefore use an engine based version with
hardware crypto if you have an appropriate engine. 0.9.6 supports three?
of engines, softw
> -Original Message-
> From: Eric Rescorla [mailto:[EMAIL PROTECTED]]
> Sent: Friday, December 07, 2001 5:29 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cryptology Questions
>
>
> Bernard Dautrevaux <[EMAIL PROTECTED]> writes:
> > It's even worst than that: Alice can agree with Bob to the
Arnaud De Timmerman writes:
> please someone who's successfully using vbscript and the xenroll.dll
> to install a user cert in internet explorer sends me his/her piece
> of code i'm going mad with all the different settings
1) http://pki.ssh.com:8080/enroll.html
2) click IE enrollment
3) view so
Hi,
One can control some crypto card as nCipher's shield,
that we use in my company.The ohter is just a software.
Ciao!
"Kasper (swebase)" wrote:
>
> I have an easy question.
>
> What is the difference between openssl-engine and openssl ?
>
> /Kasper
>
>
Try Eric Rescola's site: http://www.rtfm.com/puretls/
-Original Message-
From: Tat Sing Kong [mailto:[EMAIL PROTECTED]]
Sent: Friday, December 07, 2001 10:55 AM
To: [EMAIL PROTECTED]
Subject: RE: Java toolkit for SSL???
I'm sure I heard of one a while back called SSLava or something, b
Bernard Dautrevaux <[EMAIL PROTECTED]> writes:
> It's even worst than that: Alice can agree with Bob to the original
> contract, and have Bob sign it. THEN she have:
>- The contract itself (which can be used to generate the MD5 digest)
>- Bob's signed MD5 digest
>
> Then applying the birt
> -Original Message-
> From: Michael Wojcik [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, December 06, 2001 10:46 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Cryptology Questions
>
>
> > From: Neff Robert A [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, December 06, 2001 2:47 PM
> > Inde
I'm sure I heard of one a while back called SSLava or something, but there
definitely is one.
Tat.
> Hi,
>
> i tried to find a toolkit that can handle C and Java to make sure
> being 100% compatible,because we have a networkclient
> application written in C,and also a Browser application written
It is not the connection I was referring to but the environment
that was generating the certs. Was the original user attempting
to store his client's generated key pairs on his server? Then
that server better be secured. Perhaps I wasn't clear on
that point. However, I personally would never u
Hi,
i tried to find a toolkit that can handle C and Java to make sure beeing 100%
compatible,because we have a networkclient application written in C,and also a Browser
application written in Java.
Does anybody know a good SSL toolkit for java?
Thanks
Larry
___
Title: Mail
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
Title: Problem reading public file
Hi!
I have a public file in PEM format generated by:
openssl genrsa -f4 -out key.pem 1024
openssl rsa -in key.pem -pubout >pub.pem
When I try to read this key with the following code:
FILE *fp = fopen( "pub.pem", "r" );
server is ready.
client call SSL_connect(ssl);
in gdb,it say:
1057:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too
long:asn1_lib.c:139:
1057:error:0D09F006:asn1 encoding routines:d2i_X509:bad get asn1 object
call:x_x509.c:102:address=135128672 offset=0
1057:error:1407E00B:SSL r
I have an easy question.
What is the difference between openssl-engine and openssl ?
/Kasper
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTE
32 matches
Mail list logo
