Re: CAs and SubjectAltNames

2006-06-08 Thread Dr. Stephen Henson
On Thu, Jun 08, 2006, Phil Dibowitz wrote: > Dr. Stephen Henson wrote: > > > > You have to explicitly enable copying extensions from a certificate > > request to > > a certificate in the config file. This is off by default because it is > > potentially dangerous for the unwary. See the docs for m

Re: subjectAltName extension of type dNSName

2006-06-08 Thread Victor Duchovni
On Fri, Jun 09, 2006 at 12:25:52AM +0200, Goetz Babin-Ebell wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > david kine schrieb: > Hello David, > > > One more question: how do I, using the CA.pl script, generate a > > certificate with a subjectAltName extension of type dNSName? The

Re: CAs and SubjectAltNames

2006-06-08 Thread Phil Dibowitz
Phil Dibowitz wrote: > Dr. Stephen Henson wrote: >> >> You have to explicitly enable copying extensions from a certificate >> request to >> a certificate in the config file. This is off by default because it is >> potentially dangerous for the unwary. See the docs for more info. > > Thanks, though

Re: CAs and SubjectAltNames

2006-06-08 Thread Phil Dibowitz
Dr. Stephen Henson wrote: > > You have to explicitly enable copying extensions from a certificate > request to > a certificate in the config file. This is off by default because it is > potentially dangerous for the unwary. See the docs for more info. Thanks, though I'm not sure which docs you're

Re: subjectAltName extension of type dNSName

2006-06-08 Thread Goetz Babin-Ebell
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 david kine schrieb: Hello David, > One more question: how do I, using the CA.pl script, generate a > certificate with a subjectAltName extension of type dNSName? The ones I > have already generated do not have this field set. > I suppose there is a

Re: CAs and SubjectAltNames

2006-06-08 Thread Dr. Stephen Henson
On Thu, Jun 08, 2006, Phil Dibowitz wrote: > Didn't see a response to this the first time around, thought I'd give it > another shot. > > > I'm trying to create a CA that has the email address _only_ in > SubjectAltNames (to follow PKIX "valid certificate" recommendations). > > This seems to be

CAs and SubjectAltNames

2006-06-08 Thread Phil Dibowitz
Didn't see a response to this the first time around, thought I'd give it another shot. I'm trying to create a CA that has the email address _only_ in SubjectAltNames (to follow PKIX "valid certificate" recommendations). This seems to be a bit tricky. Currently, I can get a req that looks right,

Re: subjectAltName extension of type dNSName

2006-06-08 Thread david kine
Hello Victor, Thank you very much, the code you provide is extremely useful! One more question: how do I, using the CA.pl script, generate a certificate with a subjectAltName extension of type dNSName? The ones I have already generated do not have this field set. I suppose there is an

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

2006-06-08 Thread David Gillingham
Dr. Henson-- Adding in a call to OpenSSL_add_all_algorithms() fixed the error. Thanks for the assistance.

Re: subjectAltName extension of type dNSName

2006-06-08 Thread Victor Duchovni
On Thu, Jun 08, 2006 at 11:40:04AM -0700, david kine wrote: > My code to retrieve the common name from the subject field is: > X509 *cert = [code not shown] > char pName[ 256 ]; > X509_NAME *subj; > subj = X509_get_subject_name( cert ); > X509_NAME_get_text_by_NID( subj, NID_commonNa

subjectAltName extension of type dNSName

2006-06-08 Thread david kine
Hello, My secure client application performs post-connection fully-qualified-domain-name authentication. According to RFC 2818, "If a subjectAltName extension of type dNSName is present, that MUST be used as the identity. Otherwise, the (most specific) Common Name field in the Subject fiel

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

2006-06-08 Thread Dr. Stephen Henson
On Thu, Jun 08, 2006, David Gillingham wrote: > I was able to convert the key as you instructed, and I overwrote the > old RSA private key from my server.pem file with the new PKCS8 one. I > am now getting a different error message. From these new messages, > I'm guessing OpenSSL is expecting

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

2006-06-08 Thread David Gillingham
I was able to convert the key as you instructed, and I overwrote the old RSA private key from my server.pem file with the new PKCS8 one. I am now getting a different error message. From these new messages, I'm guessing OpenSSL is expecting a file in PKCS12 format, but that my file does not mat

Re: 1095 bit key ??

2006-06-08 Thread Marek Marcola
Hello, After some calculations: > Private-Key: (1095 bit) > modulus: > 4b:e9:e4:a6:3a:30:bc:0b:99:56:c6:b5:19:da:73: > 79:f4:7f:35:15:d6:3f:4c:8d:e2:08:ab:43:c0:84: > 0c:a2:69:98:5a:28:3a:fe:81:ac:ec:14:cb:97:8b: > 48:b7:e6:b2:a9:fb:84:cf:88:77:2a:3b:6d:bf:e7: > ed:7a:c7:92:34

Re: 1095 bit key ??

2006-06-08 Thread Saurabh Arora
here it is :: -- Private-Key: (1095 bit) modulus: 4b:e9:e4:a6:3a:30:bc:0b:99:56:c6:b5:19:da:73: 79:f4:7f:35:15:d6:3f:4c:8d:e2:08:ab:43:c0:84: 0c:a2:69:98:5a:28:3a:fe:81:ac:ec:14:cb:97:8b: 48:b7:e6:b2:a9:fb:84:cf:88:77:2a:3b:6d:bf:e7: ed:7a:c7:92:34:75:9d:c8:6c:9

Re: 1095 bit key ??

2006-06-08 Thread Victor Duchovni
On Thu, Jun 08, 2006 at 07:05:36PM +0200, Marek Marcola wrote: > > Also any non-anecdotal evidence that a 2048 bit key was actually > > requested? Not sure how the private key will help, the *modulus* is > > 1095 bits, and it is the same for the private and public keys. > > Private key has also p

Re: 1095 bit key ??

2006-06-08 Thread Victor Duchovni
On Thu, Jun 08, 2006 at 06:56:33PM +0200, Saurabh Arora wrote: > in else case here's my private key : > > -BEGIN RSA PRIVATE KEY- > Proc-Type: 4,ENCRYPTED > DEK-Info: DES-EDE3-CBC,A7C341355547B565 > > lOJoiNoFcvBmlxQbXiR+KQxw66ct9mxQ1KVIzB2HD/oGOxGgso5Cd5W7+2gA5hJ/ > Y/SBke/xdEjzn9dsMi8cQ

Re: 1095 bit key ??

2006-06-08 Thread Marek Marcola
Hello, > in else case here's my private key : > > -BEGIN RSA PRIVATE KEY- > Proc-Type: 4,ENCRYPTED > DEK-Info: DES-EDE3-CBC,A7C341355547B565 > > lOJoiNoFcvBmlxQbXiR+KQxw66ct9mxQ1KVIzB2HD/oGOxGgso5Cd5W7+2gA5hJ/ > Y/SBke/xdEjzn9dsMi8cQM11Gj/CoczBYL30ec4x+YNBm8TiKe3mzX1utdzuOEIS > dTk3zzMwQ47

Re: 1095 bit key ??

2006-06-08 Thread Marek Marcola
Hello, > > > what is 1095 bit key means?? > > Interesting, can you send private key for this certificate, > > provided that you will not use this key of course :-) > > Also any non-anecdotal evidence that a 2048 bit key was actually > requested? Not sure how the private key will help, the *mo

Re: 1095 bit key ??

2006-06-08 Thread Saurabh Arora
hi now on regeneration and changing the key is working fine. so maybe i misspelt and incidentally added 1095 (if that's the case .. then i'm sorry for being silly) in else case here's my private key : -BEGIN RSA PRIVATE KEY- Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,A7C341355547B565

Re: 1095 bit key ??

2006-06-08 Thread Victor Duchovni
On Thu, Jun 08, 2006 at 06:32:54PM +0200, Marek Marcola wrote: > Hello, > > > i generated a self signed certificate and i found this : > > > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > RSA Public Key: (1095 bit) > > Modulus (1095

Re: 1095 bit key ??

2006-06-08 Thread Marek Marcola
Hello, > i generated a self signed certificate and i found this : > > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > RSA Public Key: (1095 bit) > Modulus (1095 bit): > 4b:e9:e4:a6:3a:30:bc:0b:99:56:c6:b5:19:da:73: >

1095 bit key ??

2006-06-08 Thread Saurabh Arora
hi all i generated a self signed certificate and i found this : Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1095 bit) Modulus (1095 bit): 4b:e9:e4:a6:3a:30:bc:0b:99:56:c6:b5:19:da:73: 79:

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

2006-06-08 Thread Dr. Stephen Henson
On Wed, Jun 07, 2006, David Gillingham wrote: > Hello all, > > I've been tasked to internally investigate a system that utilizes > STunnel and OpenSSL to create a secure wrapper for a proprietary > protocol. Additionally, this solution must eventually be FIPS 140-2 > compliant. > > So, using ins

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

2006-06-08 Thread Dr. Stephen Henson
On Wed, Jun 07, 2006, David Gillingham wrote: > Hello all, > > I've been tasked to internally investigate a system that utilizes > STunnel and OpenSSL to create a secure wrapper for a proprietary > protocol. Additionally, this solution must eventually be FIPS 140-2 > compliant. > > 608008D: erro