On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote:
> > Yes if you are trusting any certificate then you might as well use anon DH.
> >
> > Normally, for certificates, this is resolved by using a mutually acceptable
> > certificate or CA certificate which have been exchanged by some secure means.
> >
On Wed, Aug 11, 2004, Areg Alimian wrote:
> Hi Steve,
>
> Thank you for the quick response! There are indeed lots of options on the
> output format. Now if I just want to extract the common field string, do I
> search for "CN=" prefix or is there a better way?
>
Its not a good idea to attempt
In message <[EMAIL PROTECTED]> on Tue, 10 Aug 2004 22:32:14 +0200 (CEST), Juan Segarra
<[EMAIL PROTECTED]> said:
juan> man 3 engine
Heh, I had forgotten...
-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.
--
Richard Levitte
In message <[EMAIL PROTECTED]> on Tue, 10 Aug 2004 15:20:48 -0300, "Roberto Gallo"
<[EMAIL PROTECTED]> said:
robertogallofilho> I would like to develop a new engine with some
robertogallofilho> crypto functions to with OpenSSL. Where can I get
robertogallofilho> information about the API?
I'm af
> Yes if you are trusting any certificate then you might as well use anon DH.
>
> Normally, for certificates, this is resolved by using a mutually acceptable
> certificate or CA certificate which have been exchanged by some secure means.
>
> Steve.
First of all thanks for your suggestions, i'll
Hi Steve,
Thank you for the quick response! There are indeed lots of options on the
output format. Now if I just want to extract the common field string, do I
search for "CN=" prefix or is there a better way?
Thank you once again,
-Areg
-Original Message-
From: [EMAIL PROTECTED]
[mail
On Wed, Aug 11, 2004 at 02:17:05AM -0600, RYAN vAN GINNEKEN wrote:
> commonName:PRINTABLE:'mail1.computerking.ca'
Try the CN *.computerking.ca. That's an asterik.
--
Ng Pheng Siong <[EMAIL PROTECTED]>
http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control
I have created my own root certificate and key so i can become my own
CA. Have created singed certs for my imap smtp and webmail server
using the common name computerking.ca. This works fine for mozilla but
with microsoft' s outlook and explorer i get errors about the CN name
not matching the s
On Wed, Aug 11, 2004, Chris Tojza wrote:
> Hi,
> I hope somebody can help me with the following
> problems.
> I am working to replace legacy BSAFE application with
> the OpenSSL and I have to work with the legacy BSAFE
> generated RSA keys.
>
> I am unable to read BSAFE private key that has BSAFE
On Wed, Aug 11, 2004, Areg Alimian wrote:
> Hi all!
>
>
>
> Is there a simple way to convert the certificate name blob to a null
> terminated char string using OpenSSL?
>
If you mean a human readable text string then calling X509_NAME_print_ex() to
a memory BIO is the most flexible solution.
Hi all!
Is there a simple way to convert the certificate name blob to a null
terminated char string using OpenSSL?
Thank you,
Areg
Hi,
I hope somebody can help me with the following
problems.
I am working to replace legacy BSAFE application with
the OpenSSL and I have to work with the legacy BSAFE
generated RSA keys.
I am unable to read BSAFE private key that has BSAFE
type:
KI_PKCS_RSAPrivateBER - This is ASN.1 key that is
Liam,
All you will need to do is comvert the PEM format to DER.
If you "user" cert is called me.pem then:
openssl x509 -in me.pem -outform DER -out me.cer
I think that is all you will need to do. I don't have access to my
openssl right now, but I have done this before to get the certs into t
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote:
> > The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
> > without using certificates. To use these you need to set appropriate DH
> > parameters on the server side and enable the ciphersuites using an appropriate
> > cipher strin
Hi,
I have seen old posts around for the following error
but I haven't seen a resolution for sparc. I maintain
openssl-0.9.7d as a package on solaris8 and would like
to replace the sun ssl package used for the crypto
daughterboard with my package so I only maintain
openssl in one place. I also ma
Hi ,
I have the x509 v3 certificates, I would like to validate the BASIC
CONSTRAINTS FIELD.
Using X509_get_ext_d2i I will get the BASIC_CONSTRAINTS structure if it
is present.. How to extract and validate the cA and pathLenConstraint
from the structure?
Any inputs on this?
Thanks in advance.,
S
I have created my own root certificate and key so i can become my own
CA. Have created singed certs for my imap smtp and webmail server
using the common name computerking.ca. This works fine for mozilla but
with microsoft' s outlook and explorer i get errors about the CN name
not matching
Then I tried importing a certificate signed by my CA. But now it's
complaining that "Input not an X.509 certificate". Is it because my
extension is ".pem"?
Yes! I found the answer by going through some old threads in the Sun
Microsystems website. I had to convert the PEM certificate to a DER fil
> The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS
> without using certificates. To use these you need to set appropriate DH
> parameters on the server side and enable the ciphersuites using an appropriate
> cipher string.
> However without some form of authentication the co
First post here, so: hello everybody ...
I'm working on a project which involves an embedded device running Java and
presenting the JCE API to applications. Currently the JCE provider used is
BouncyCastle. This works, but slowly, most conspicuously during generation of
RSA keys.
One course I a
20 matches
Mail list logo
