RE: Field CN and the certificates [solved]

2005-03-16 Thread Vu Pham
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Richard Sexton > Sent: Wednesday, March 16, 2005 10:28 AM > To: openssl-users@openssl.org > Subject: Re: Field CN and the certificates > > >> All the IEs show the same error. Netscape on Solaris even

Re: Key generation

2005-03-16 Thread Dr. Stephen Henson
On Wed, Mar 16, 2005, Michael D'Errico wrote: > Hi, > > I read somewhere that it is a good idea to > cryptographically hash your key material to > generate a key, so I wrote a function to do > that. I'm not exactly sure I'm doing what > they suggest, so if anyone cares to, can > you check over m

Re: Key generation

2005-03-16 Thread Michael D'Errico
I read somewhere that it is a good idea to cryptographically hash your key material to generate a key, so I wrote a function to do that. it's an even better idea to use well known/tested algorithm for key generation I haven't run across any; can you point me in the right direction? Or do you thin

Re: Key generation

2005-03-16 Thread Nils Larsch
Michael D'Errico wrote: Hi, I read somewhere that it is a good idea to cryptographically hash your key material to generate a key, so I wrote a function to do that. it's an even better idea to use well known/tested algorithm for key generation I'm not exactly sure I'm doing what they suggest, so i

Key generation

2005-03-16 Thread Michael D'Errico
Hi, I read somewhere that it is a good idea to cryptographically hash your key material to generate a key, so I wrote a function to do that. I'm not exactly sure I'm doing what they suggest, so if anyone cares to, can you check over my work and see if there are any weaknesses? Thanks in advance.

Re: Field CN and the certificates

2005-03-16 Thread Richard Sexton
>> All the IEs show the same error. Netscape on Solaris even shows "You have >> attempted to establish a connection with "abc.mydomain.com". However the >> security certificate presented belongs to "abc.mydomain.com" >> >> The thing makes me confused is the two host names that the warning dis

Re: Field CN and the certificates

2005-03-16 Thread Dr. Stephen Henson
On Wed, Mar 16, 2005, Vu Pham wrote: > > Currently I have a self-signed certificate as CA root. > I use this CA root to sign the cert B. I import CA root to my PC, and use > cert B on the web server. > > The following commands are what I used : > > 1. To create CA root > # openssl req -x509 -n

RE: Field CN and the certificates

2005-03-16 Thread Vu Pham
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Dr. > Stephen Henson > Sent: Wednesday, March 16, 2005 5:01 AM > To: openssl-users@openssl.org > Subject: Re: Field CN and the certificates > > On Wed, Mar 16, 2005, Vu Pham wrote: > > > > -Origi

Re: ocsp request behind a proxy

2005-03-16 Thread Wolfgang Aigner
I've found a solution: when I use the -path option, then everyting is all right. openssl ocsp -host www.ocsp-server.net:80 -path http://www.ocsp-server.net -issuer ca.pem -serial 4 -VAfile responderCert.pem But maybe the standard option should do this. If it seems reasonable for you, then I will

Re: Field CN and the certificates

2005-03-16 Thread Dr. Stephen Henson
On Wed, Mar 16, 2005, Vu Pham wrote: > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Tan Eng Ten > > Sent: Tuesday, March 15, 2005 11:33 PM > > To: openssl-users@openssl.org > > Subject: Re: Field CN and the certificates > > > > Back to your

RE: make test and make install errors

2005-03-16 Thread Kammen van, Marco, Springer SBM
Hi Alejandro, I'm having the exact same problem, are you compiled with shared library's enabled as well?? I emailed this too but haven't received any response yet. making install in crypto/err... making install in crypto/evp... making install in crypto/asn1... making install in crypto/pem...