Problems compiling under Redhat AS3 with gcc 3.2.3

2004-08-23 Thread Chris Kacoroski
Hi, I am compiling openssl and it cannot find /usr/local/lib where I have put the libssl and libcrypto libraries. It works ok when compiled statically. I verified that -L/usr/local/lib is in the gcc command that creates openssl. I have a build file with: CFLAGS="-I/usr/local/include" LDFLAGS

Re: Scanning for Certificate Expiration

2004-08-23 Thread Mark Foster
Patrick Heim wrote: Does anyone know of a tool or a way to script OpenSSL to: 1. Connect to an SSL enabled server 2. Retrieve the server certificate 3. Parse it for the certificate expiration date It is easy to set up nagios to give N-days advance notice of expiring certs. I put this in checkcomm

Re: Scanning for Certificate Expiration

2004-08-23 Thread Charles B Cranston
The code to "understand" the notAfter output is fairly simple. You can use either Date::Parse or a kluge using Date::Calc like this: use Date::Calc( qw"Decode_Month Add_Delta_YMDHMS Date_to_Time Date_to_Text Timezone" ); print ($ed=),"\n"; # < This is the output from -enddate: if ( ($m,$d,$

Re: Scanning for Certificate Expiration

2004-08-23 Thread Olaf Gellert
Patrick Heim wrote: > Does anyone know of a tool or a way to script OpenSSL to: > > 1. Connect to an SSL enabled server > 2. Retrieve the server certificate > 3. Parse it for the certificate expiration date Well, you can use "openssl s_client" to connect to the server: openssl s_client -conne

Scanning for Certificate Expiration

2004-08-23 Thread Patrick Heim
Does anyone know of a tool or a way to script OpenSSL to: 1. Connect to an SSL enabled server 2. Retrieve the server certificate 3. Parse it for the certificate expiration date I would like to loop through the output of our periodic security scans that detect SSL services and build a report of

Error with Digital Envelope routines(EVP)

2004-08-23 Thread Areg Alimian
Hello All, When using the openSSL 0.9.7b PKCS #12 API calls to parse an X.509 PKCS 12 certificate, I get the following errors: 2185571712:error:06074079:digital envelope routines:EVP_PBE_CipherInit:unknown pbe algorithm:evp_pbe.c:89:TYPE=pbeWithSHA1And3-KeyTripleDES-CBC 2185571712:

Re: How to check server's SSL certificate on client?

2004-08-23 Thread Clemens Chiba
> The important question is, "who signed the certificate you created?" > > Typically, the certificate is signed by a trusted Certificate > authority (CA) where "trusted" means that your browser has the CA's > root certificate in its list of trusted CA's. Look at your browser. > There are probably

Re: Is there a command to retrieve ssl master_secret

2004-08-23 Thread Jayashree Kanchana
Sorry for posting that question. I found the command that we should use. thanks, Jayashree > I was wondering if there is any ssl command that I can use in a c program > to retrieve the ssl tunnel key, once I have the ssl tunnel established. > > I read that "sess_id" can be used in the comma

Is there a command to retrieve ssl master_secret

2004-08-23 Thread Jayashree Kanchana
I was wondering if there is any ssl command that I can use in a c program to retrieve the ssl tunnel key, once I have the ssl tunnel established. I read that "sess_id" can be used in the command line, is there anything similar that we can use in a c program? Thanks, Jayashree

Re: Possible problem with 'openssl pkcs12'

2004-08-23 Thread Mark Foster
ohaya wrote: Hi, I'm trying to setup Tomcat as a standalone web server with SSL client and server authentication, and I'm generally following the procedure at: [snip] Beyond that, is my assumption that the "openssl pkcs12" should have caused the CA cert to be included in the keystore correct? Or,

Re: How to check server's SSL certificate on client?

2004-08-23 Thread ohaya
Liam Escario wrote: > > Hey Jim, > > Thanks for the clarification there. That's how I thought it should > behave =) > > Now if only I could get to figure out how to read my client certificate in > Java. I'm always getting null... I've tried using both, > > String cipherSuite = (String) >

How to adding a new cipher algoritm (source code) to OpenSSL

2004-08-23 Thread 김연수
Hi~ I want to add a new cipher algorithm "SEED" to OpenSSL. So, I want to use new cipher suites such as SSL_CS_RSA_SEED_CBC_MD5, SSL_CS_RSA_SEED_CBC_SHA. In OpenSSL, Which parts must be changed?? Or How can I attach the SEED to OpenSSL?? thanks~

SSL API to decode dumped data

2004-08-23 Thread Alok
Hi, I need to figure out a way to decrypt an entire tcp dump. I know ssldump exists, but this is for some of our own stuff which relies on SSL and does not pass HTTP over it. I have been going through the docs of the API man pages and managed to get a small client using some Perl modules and back

Re: How to check server's SSL certificate on client?

2004-08-23 Thread Liam Escario
Hey Jim, Thanks for the clarification there. That's how I thought it should behave =) Now if only I could get to figure out how to read my client certificate in Java. I'm always getting null... I've tried using both, String cipherSuite = (String) request.getAttribute("javax.net.ssl.cipher_

RE: How to check server's SSL certificate on client?

2004-08-23 Thread DEAN JONES
Regards the last point on CDP's - jim - have you ever got IE to correctly check the CRL from the CDP even with this enabled in the settings? I have my CA's CDP pointing at a location on my web server and IE seems to totally ignore it! Dean -Original Message- From: [EMAIL PROTECTED] [

Re: How to check server's SSL certificate on client?

2004-08-23 Thread ohaya
Liam Escario wrote: > > Hi Peter, > > You mentioned: > > >So, when the PKI client in my (for example) web browser connects to your > >IIS server, my web browser's PKI client will connect to the Certifying > >Authority URL that you specified when you created your SSL certificate > > what do yo