On Fri, Jun 06, 2003, rajagopalan ramanujam wrote:
>
>
> Hi Dr Steve,
>
> Since it's an embedded platform it does not have debug
> or a serial interface. But I did debug further and
> found that OBJ_obj2nid returning 7 (RSA-md2) in case
> of www.google.com and it returns 8 (RSA-md5) in case
> of
Hi Dr Steve,
Since it's an embedded platform it does not have debug
or a serial interface. But I did debug further and
found that OBJ_obj2nid returning 7 (RSA-md2) in case
of www.google.com and it returns 8 (RSA-md5) in case
of thawte.com.
Basically it's failing in EVP_get_digestbyname()
UNKNOWN_M
On Fri, Jun 06, 2003, rajagopalan ramanujam wrote:
>
> hi,
>
> I have defined SSL_library_init rather than
> openSSL_add_all_algorithms to save memory.
>
> I have turned on DES,RC4 in ciphers and MD5,SHA in
> message digest.
>
> Could you let me know what could be the problem.
>
> I can connect
I tried to openSSL_add_all_algorithms instead of
SSL_library_init but I am still seeing the same
issue.
--- rajagopalan ramanujam <[EMAIL PROTECTED]>
wrote:
>
> hi,
>
> I have defined SSL_library_init rather than
> openSSL_add_all_algorithms to save memory.
>
> I have turned on DES,RC4 in c
I have installed apache 1.3.27 with openssl-0.9.7b and mod-ssl2.8.13-1.3.27
This is all running on RH 8.0.
I installed the default certificate to play with and all was good.
I purchased a certificate from VeriSign and things are so so.
When the server starts in the ssl_engine_log I get the following
hi,
I have defined SSL_library_init rather than
openSSL_add_all_algorithms to save memory.
I have turned on DES,RC4 in ciphers and MD5,SHA in
message digest.
Could you let me know what could be the problem.
I can connect to www.thawte.com and X509_verify
is successful. And also I have generated s
Not strictly openssl related but posted here anyway. If
anyone can recommend a better place to post this, I would
appreciate it.
Around the middle of May a number of my users started
being unable to apply for certificates from my web based
certificate authority using MSIE6.
I duplicated this with M
Thank you for your answer.
But I used the following command :
# openssl pkcs12 -export -in usercert.pem -inkey userkey.pem -out cert.p12
Then I try to install it on my workstation (WinNT) and get a window telling:
"Invalid Public Key Security Object File
This is an invalid Personal Information Exc
On Fri, Jun 06, 2003, Charles B Cranston wrote:
> Steve, the other reason I've been forced to move from x509 to ca
> is that ca appears to be the ONLY binary program that can sign
> SPKAC files. Is there another way to do this that I have missed?
>
Well if you need SPKAC support then yes curren
On Fri, Jun 06, 2003, rajagopalan ramanujam wrote:
> hi,
>
> I exported thawte server CA and verisign class3
> certificates from the browser for testing and
> converted to C structure using x509 -C -in xxx.cer >
> xxx.C and added to my SSL client. Following is the
> code below.
>
> I am calling
hi,
I exported thawte server CA and verisign class3
certificates from the browser for testing and
converted to C structure using x509 -C -in xxx.cer >
xxx.C and added to my SSL client. Following is the
code below.
I am calling this function in a loop to load the
certificates:
unsigned char thawt
Do I need to include the :443 when I apply for the certificate?
Thanks
CS
-Original Message-
From: pablo neira [mailto:[EMAIL PROTECTED]
Sent: Friday, June 06, 2003 4:41 AM
To: [EMAIL PROTECTED]
Subject: Re: Startup error
Swenson, Chris wrote:
>I have installed apache 1.3.27 with openss
[EMAIL PROTECTED] wrote:
All those certificates are valid, and are in pem and x509 format.
When I add "SSLVerifyClient require" in httpd.conf, a window "Client
Authentication" appears but I can not select any certificate!!
1- It is important I can't install the user certificate in Personal tab ?
Hello,
I would like to use mutual authentication : authenticate the server and the
user.
I created a CA, a server and a client certificate signed by this CA.
I installed the CA certificate on my IE. I tested a connection to my server and
the server authentication seems to be good.
I installed m
Steve, the other reason I've been forced to move from x509 to ca
is that ca appears to be the ONLY binary program that can sign
SPKAC files. Is there another way to do this that I have missed?
Dr. Stephen Henson wrote:
On Fri, Jun 06, 2003, pablo neira wrote:
Dr. Stephen Henson wrote:
On Fri,
Here is an email I sent to the list back in March regarding what I think is the
same issue (this was entered into the bug database though, I don't know the bug
number). Basically, I saw the same issue with the ESA Blinding patch when
using a Broadcom card (engine ubsec). If I backed out the patch
On Fri, Jun 06, 2003, pablo neira wrote:
> Dr. Stephen Henson wrote:
>
> >On Fri, Jun 06, 2003, Kwan Hon Luen wrote:
> >
> >
> >
> >>Hi,
> >>
> >>How do I automate the signing of server certificate by a CA ?
> >>without the following prompt:
> >>
> >>(1) "Enter PEM pass phrase:"
> >>(2) "Sign th
Dr. Stephen Henson wrote:
On Fri, Jun 06, 2003, Kwan Hon Luen wrote:
Hi,
How do I automate the signing of server certificate by a CA ?
without the following prompt:
(1) "Enter PEM pass phrase:"
(2) "Sign the certificate?"
(3) "commit?"
Use the 'x509' utility instead, passphrase can be en
On Fri, Jun 06, 2003, Terence Leung wrote:
> Dear sir,
> I am writing Visual C++ to create secure communication socket.
> But when I use the function SSL_CTX_use_PrivateKey_file(),
> it always prompts "Enter PEM pass phrase:" to input the pass phrase in the screen.
>
> I want to as
On Fri, Jun 06, 2003, Kwan Hon Luen wrote:
> Hi,
>
> How do I automate the signing of server certificate by a CA ?
> without the following prompt:
>
> (1) "Enter PEM pass phrase:"
> (2) "Sign the certificate?"
> (3) "commit?"
>
Use the 'x509' utility instead, passphrase can be entered via -pas
I'd like to aperiodically update my CRL. Is there a way that I can tell
the x509 store to flush a CRL from its cache, so that it reloads the
CRL on the next connection?
If the CRL is reloaded, is there a way to examine existing connections
to see if their certificate has been revoked?
Thanks
You have a private key protected by a password. To solve this, type:
OpenSSL>rsa -in -out
Łukasz Wojcicki
e-mail: [EMAIL PROTECTED]
__
OpenSSL Project http://www.openssl.org
User Support Mailing
On Thu, Jun 05, 2003, [EMAIL PROTECTED] wrote:
> Are we at cross-purposes here? I'm referring to server certificates, not
> client certificates (about which I am completely clueless as I currently
> have no business reason to use them).
>
> Anyway, the proof of the pudding is in the eating. Can y
[EMAIL PROTECTED] wrote:
Anyway, the proof of the pudding is in the eating. Can you point me to a
secure site that uses a key size >1024 bits? I can't find one for love nor
money.
This root certificate was found in the binary code for Netscape 7
Data:
Version: 3 (0x2)
Serial N
Dear sir,
I am writing Visual C++ to create secure communication socket.
But when I use the function SSL_CTX_use_PrivateKey_file(),
it always prompts "Enter PEM pass phrase:" to input the pass phrase in the screen.
I want to ask how can I modify the program so that the progr
> Hi everyone,
>
> when BIO_puts writes data after a handshake, is the data encrypted during
> the send?
Yes. You *can't* send unencrypted data over an SSL connection (unless you
negotiate a null cipher).
> I want to write a server to run to accept data from one
> connection(insecure) an
Dear John-
I have used >1024 certs on my test 2k server for SSL connections to a
browser, no problem. Encryption confirmed with a packet sniffer.
As PK encryption is a hybrid, the use of resource intensive Asymmetric
encryption (RSA or DH public key) is reserved for securely exchanging the 128
Swenson, Chris wrote:
I have installed apache 1.3.27 with openssl-0.9.7b and mod-ssl2.8.13-1.3.27
This is all running on RH 8.0.
I installed the default certificate to play with and all was good.
I purchased a certificate from VeriSign and things are so so.
When the server starts in the ssl_engine_l
Hi!
--- Richard Levitte - VMS Whacker
<[EMAIL PROTECTED]> a écrit : > In message
> <[EMAIL PROTECTED]>
> on Thu, 5 Jun 2003 02:11:40 +0200 (CEST), mohamed
> zhaounia <[EMAIL PROTECTED]> said:
>
> mzhaounia> First, I am so thankful for your
> suggestion.
> mzhaounia> Well, I have added my command
Hi,
How do I automate the signing of server certificate by a CA ?
without the following prompt:
(1) "Enter PEM pass phrase:"
(2) "Sign the certificate?"
(3) "commit?"
Thanks.
Hon Luen
F:\openssl_test>openssl ca -policy policy_anything -out
test_cert.pem -config test.conf -infiles test_new.pem
Hi everyone,
I just revoked the OCSP responder certificate as you can see:
file index.txt --
R 040530223109Z 030605151409Z 03 unknown
/C=ES/ST=Andalusia/L=Seville/O=Mazinger Z inc./OU=pepe/CN=OCSP responder
prueba 2/emailAddress=ocsp
- end of index.txt -
openssl
> -Original Message-
> From: Ridge Cook [mailto:[EMAIL PROTECTED]
> Sent: 03 June 2003 03:10
> To: [EMAIL PROTECTED]
> Subject: Re: Minimum RSA Key length ?
>
>
> >>>To answer your other question, I don't believe there are
> >>any browsers that can accept a RSA key > 1024 bits. I did
32 matches