Slight problem that unknown_CA error for some reason only appears on the server side not the client
Kyle Hamilton <[EMAIL PROTECTED]> wrote: A client certificate does not identify an IP or domain name, a client certificate identifies a user. A server certificate identifies an IP or domain name
I am not talking about the pem pass phrase here. I want a last line of authentication from the client. I want the server to have a list of common names of clients it trusts. With these client names also a client password will be stored on the server side. At runtime the server asks for this passwor
Hi,
I am working on a program that does bulk encryption key exchange similar
to SSH. I am running into a problem with RSA_private_decrypt, it
returns -1 and tells me padding error, no matter which padding scheme I
use. The main goal is to encrypt a Blowfish key to send over the wire
and t
On 4/2/06, Davidson, Brett (Managed Services) <[EMAIL PROTECTED]> wrote:
> I can set the Cisco certificate to authenticate to the W2K domain.
> That's reasonably simple.
> Deciding what to do about things after that gets a little interesting
> but that's another topic... :-)
>
> The anonymous conne
I can set the Cisco certificate to authenticate to the W2K domain.
That's reasonably simple.
Deciding what to do about things after that gets a little interesting
but that's another topic... :-)
The anonymous connection requirements for expired passwords I understand
but surely that's just a case
I take it that the easiest solution is to establish a
certificate-authenticated VPN instead then?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton
Sent: Monday, 3 April 2006 11:26 a.m.
To: openssl-users@openssl.org
Subject: Re: Newbie question
The Cisco also needs to be exempted from the "authenticated domain
members" rule, unless you can set its identifying certificate up as
authenticatable to the domain. (You are authenticating against the
Windows 2000 domain, correct?)
There are known issues with restricting access to known machines
First some background.
First issue: I'm wanting to establish certificate-driven, IPSec-based authentication and
access on my local LAN. Participants are mainly Windows XP machines (including
some laptops via wireless access points which started this process) and a SUSE
Linu
Hello,
> BTW, Is DHE-RSA-AES256-SHA part of TLS cipher suite,
Yes, you can check this in RFC3268:
CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x2F };
CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA = { 0x00, 0x30 };
CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA = { 0x00, 0x31 }
I'm fairly sure the BITSTRING datatype for signatures was chosen by the
PKCS working group, which at the time was a mostly self-selected group of
experts organized by RSA. It certainly wasn't chosen by IETF. The X509v3
extension format was chosen by the X.509 group of ITU/ISO.
Hindsight's 20/2
- Signatures, uniqueIdentifiers etc. were not created by PKIX as far as
I remember.
It may be that they the same who are creating an inflation of data
encapsulated
in octet strings in PKIX are probably the same people.
If they didn't not understand ASN.1 20 years ago and did not make
prog
11 matches