On Tue, 11 Dec 2001, Michael Sierchio wrote:
> Carlos Costa Portela wrote:
>
> > merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
> > newcert.pem -config openssl.cnf -infiles new.pem
> > Using configuration from openssl.cnf
> > unable to load CA private key
>
> It really means wh
Dear all,
I want to verify a certificate. I used the verify command but I realized
that it does check if the certificate is revoked or not. I used this
command:
openssl verify -CApath /usr/local/ca -CAfile /usr/local/ca/cacert.pem
/usr/local/ca/newcerts/new8.pem
I get the ok answer even if the ne
HI, my set up is as follows:
Apache 1.3.22 with mod_ssl 2.61 OPENSSL 0.9.5
Tomcat 3.3
SOAP 2.2
JSSE 1.0.2
I have a SOAP client that works perfectly with and without SSL when running
the client from Windows 2000 or XP. However when I try to test the client
from 95/98 with SSL I get the following
Carlos Costa Portela wrote:
> merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
> newcert.pem -config openssl.cnf -infiles new.pem
> Using configuration from openssl.cnf
> unable to load CA private key
It really means what it says -- the path to the private directory
is based on
> > This doesn't help you when presented a naked cert by a stranger[...]
>
> Any parseable certificate presented by a strager is good enough to
> use that public key to send email encrypted to *his* private key.
> At least if there's no chance for man-in-the-middle.
Not if the cert denies such
Hello all!
First of all, since this problem seems not very difficult... where
is the faq of this list?.
Now, the problem:
merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
newcert.pem -config openssl.cnf -infiles new.pem
Using configuration from openssl.c
[EMAIL PROTECTED] wrote:
>
> Hi,
> I want to generate a pkcs10 request with req command line tool but I
> don't
> know how to specify a particular key usage.
> I know I have to work in openssl.cnf line marked 'req_extension'... what
> kind of string has to be added in that line?
>
Its req_exten
Hi,
I want to generate a pkcs10 request with req command line tool but I
don't
know how to specify a particular key usage.
I know I have to work in openssl.cnf line marked 'req_extension'... what
kind of string has to be added in that line?
Thanks for any help.
Hi
I could not convert my key-cert.pem into a pkcs7 format,
even following all the steps in
www.binarytool.com/docs/ssl-cert-HOWTO.html to make my
cert.
After following these steps I wrote in the terminal:
openssl pkcs7 -in key-cert.pem -out key-cert.p7b
The resulting error was:
unable to l
On Mon, Dec 10, 2001 at 02:50:46PM -0800, Doug Poulin wrote:
> Is this the right way to go? Is anyone working on a SSH2 library for
> Teraterm?
Check out putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL P
On Tue, 11 Dec 2001, Tat Sing Kong wrote:
>
> That's me told then, so to authenticate a certificate you need the whole
> "chain" of certs going from the cert to authenticate all the way to a
> trusted CA.
It's unlikely just authentication is of any practical use;
authorization is and risk of f
Hi,
I have been trying to figure out what the flags are for this function and
have come up with the following, can someone verify?
int OCSP_basic_verify(OCSP_BASICRESP *bs, // the OCSP response
STACK_OF(X509) *certs, // intermediate signing certs
X509_STOR
That's me told then, so to authenticate a certificate you need the whole
"chain" of certs going from the cert to authenticate all the way to a
trusted CA.
The application I am writing is presented with certs to authenicate from an
external source, and the configuration has to hold a "pool" of tr
Hi evryone,
I have generated my own certificate for testing (I'm just starting to learn
about SSL) in my linux box using CA.pl:
CA.pl -newca
CA.pl -newreq
CA.pl -signreq
CA.pl -pkcs12 "Test certificate"
Those have been executed inside my Linux box with latest stable version of
openssl... and the
>-Original Message-
>From: Doug Poulin [mailto:[EMAIL PROTECTED]]
>Sent: 10 December 2001 22:51
>To: [EMAIL PROTECTED]
>Subject: Help needed with getting SSL installed
>
>
>I have a Redhat Linux 6.2 server running Apache with mod-ssl. We were
>using SSH and Teraterm for connecting
>to the
Hello!
I use this when initializing.
SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM)
what is the correct way of accessing this keyfile later. I.e. I would
like to say:
skey = ssl_ctx->private_key;
or similar.
/Douglas
__
On Mon, 10 Dec 2001, Bear Giles wrote:
> > Would this be a hassle if you have a root CA with a lot of intermediate
> > signers? That means that you have to store/locate all possible intermediate
> > signers to evaluate a couple of end user certificates.
>
> This is why PKCS12 (iirc) provides a
I have a Redhat Linux 6.2 server running Apache with mod-ssl. We were
using SSH and Teraterm for connecting
to the server remotely. Unfortunately that proved to be a security
problem, so we are shopping for a solution. We
would like to carry on with Teraterm since we have a large number of
scri
18 matches
Mail list logo
