RE: Quick question about 'client-ssl-warning' => 'Peer certificate not verified'

2005-06-17 Thread Chris Mckenzie
Just to conclude my unanswered rantings, I switched back to using LWP and Crypt::SSLeay. Setting HTTPS_CA_FILE enables peer verification requirements. The HTTPS_CA_DIR setting doesn't work, they all just get ignored regardless of the filenaming, extension or format. Thankful

Change key encryption algorithm

2005-06-17 Thread Ian Pilcher
Is it possible to change the algorithm used to encrypt private keys (when used with 'openssl req -newkey ...)? I'd like to use AES256 instead of triple-DES. Thanks! -- Ian Pilcher[EM

Openldap userCertificate;binary:< file question

2005-06-17 Thread Chevalier, Victor T.
Hello All, I was wondering what you all thought about this problem I have encountered. All the googling and open information suggests that loading a certificate into openldap in an ldif file should be in PEM format. However my ldif looks like this: userCertificate;binary:< file:///home/vchevali

Re: Need objective arguments against double certificate

2005-06-17 Thread Victor Duchovni
On Fri, Jun 17, 2005 at 08:21:41AM -0600, Brant Thomsen wrote: > The exchange below actually reflects what I think is the strongest argument > against the proposed design change. Successful businesses always prefer > what works to something new or innovative. With security, that tendency > shoul

RE: Need objective arguments against double certificate

2005-06-17 Thread Brant Thomsen
The exchange below actually reflects what I think is the strongest argument against the proposed design change. Successful businesses always prefer what works to something new or innovative. With security, that tendency should be even stronger, since an architecture can only be considered "secure

How to use Freshest CRL extension?

2005-06-17 Thread soukyan
Hello I have to use Freshest CRL extension in my application, but I didn't find any NID_* for this extension in obj_mac.h, so I can't use X509_get_ext_d2i(). How to get this extension from a certificate and a CRL with the aid of OpenSSL? Daniel (feel free to correct my English) -- Promocj

Re: openssl base64 problems (--> bug?)

2005-06-17 Thread Beat Jucker
Is this an openssl base64 bug? With a particular message I don't get the correct size of the decoded message. The base64 encoded file itself looks good. Tools other than openssl do the base64 decode correctly. cmdline example: openssl base64 -d -in text.pem -out text.der --> size of text.der = 5280

index.txt file 'update'

2005-06-17 Thread Artem Harutyunyan
Hi, I have issued a certificate which expired a while ago. Now, when I try to sign a certificate request (with the same DN), openssl reports the following error: ERROR:There is already a certificate for '/C=AM/O=kuku/CN=mumu' It reports that a certificate with such a DN already exists. Pr

RE: [Fwd: Re: Queries over OpenSSL programs]

2005-06-17 Thread Rohan Shrivastava
Gayathri Sundar, Thanks for your help. -Rohan > Hi there, > > Can anybody please tell me, > where can I find the answers to these questions? > > Thanks > -Rohan > > > Original Message > Subject: Re: Queries over OpenSSL programs > From:

Re: Need objective arguments against double certificate

2005-06-17 Thread Goetz Babin-Ebell
Hello coco, coco coco wrote: User's keys are escrowed in a central database, completely separated from the application system (physically and logically, on a remote site). The escrow database is encrypted with two keys (double encryption, one on top of another). The two keys are kept in USB tok