Bear Giles wrote:
> Issuer DN and serial number are unique.
Yes, but we have a central identity system that uses GUIDs to ...
everything. We want to do it for certificates as well. We want said GUID
to be in the certificate.
Serial number is typically used for renewals, I don't want to step on tha
Issuer DN and serial number are unique. In practice you'll need
to consider whether you'll be dealing with anyone other than
competent CAs (organizations and individuals). "openssl ca" is
great but it's trivial to produce multiple certs with the same
issuer DN and serial number.
Bear
Phil Dibow
We'd like to tie all of our certificates to a unique identifier in a
DB... is there an attribute out there, perhaps in the PKIX extensions or
x509v3 extensions or somewhere else that would be a reasonable place for
this?
Thanks,
--
Phil Dibowitz
P: 310-360-2330 C: 213-923-5115
Unix Admin, Ticketm
Greetings,
We are using OpenSSL
with OpenOSP to set up a CA and are getting the following error while initializing the OSP
server.
We would greatly appreciate it if you can
throw some pointers :
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0224 Checking for CA certificate first
22:57:56.
Hi Ted,
Thanks for the info!
<*BobL*>
| -Original Message-
| From: [EMAIL PROTECTED]
| [mailto:[EMAIL PROTECTED] Behalf Of
| Bernhard Froehlich
| Sent: Thursday, November 17, 2005 12:51 PM
| To: openssl-users@openssl.org
| Subject: Re: Disabling Weak Encryption
|
|
Greetings,
We are using OpenSSL
with OpenOSP to set up a CA and are getting the following error. Would greatly
appreciate it if you can throw some pointers :
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_subje 0224 Checking for CA certificate first
22:57:56.499 01 ccmldap.c ccm_lookup_ldap_by_su
On Fri, Nov 18, 2005, Robin Hughes wrote:
>
>
> Am I misunderstanding something about the
> compatibility of "-outform DER" with
> d2i_RSAPublicKey??
>
Yes, the formats are incompatible. You need d2i_RSA_PUBKEY() instead.
Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepag
sounds good I will try that thanks,
Perry
mclellan, dave wrote:
The SSL socket and the raw socket are not two different physical
descriptors. By using SSL_set_fd you are merely associating the file
descriptor with the higher level SSL protocol. SSL needs the physical socket
you created to do
The SSL socket and the raw socket are not two different physical
descriptors. By using SSL_set_fd you are merely associating the file
descriptor with the higher level SSL protocol. SSL needs the physical socket
you created to do its own I/O on.
My application (previously non-SSL enabled, we add
hello,
In my code I have a normal socket and I am using SSL_set_fd to turn it
into an SSL socket. After I have made it an SSL socket I no longer need
or want the original socket. I have tried closing it after the
SSL_set_fd but this makes the SSL socket no good.
What I want is to have on
Hello,
I would like to generate a key pair using the
openssl command line utilities and store them in
files. The private key will be used by a Java program
that will do the signing. The public key will be used
by a C++ program (using openssl lib) to do the
verification.
I am having trouble re
Hello,
I'm stress-testing a server. My client creates multiple, concurrent,
asynchronous socket connections (single thread).
All connections use the same CTX. After a successful SSL handshake
I get the reference of a session by SSL_get1_Session(), connections
try to reuse that session thru SSL_set_ses
12 matches