About self signed certificates

2007-10-02 Thread Subramaniam
Hi all, I am using a self signed certificate as a CA certificate. My entity certificate is signed by this self signed CA in my test programs. But another programmer who is doing the client part is saying I need to include the keyUsage field in my self signed certificate, referring to RFC 3280 (section 4.2.

Re: Unsigned CRL and CRL v1

2007-10-02 Thread Dr. Stephen Henson
On Tue, Oct 02, 2007, BSC wrote: > > > Thanks a lot friends, the problem is solved > > But can U help me with creation of CRL version 1 instead of v2? If any extensions are present the CRL must be V2. Check the config file. Make sure there are no explicit CRL extensions (by default there won't b

RE: Certificate/Key for Encryption Only?

2007-10-02 Thread David Schwartz
> Viktor, our network is secure, but clients outside our network will > access it over the internet. I'm concerned about the client sending > his username/password in clear text over the internet, and thought SSL > would do the encryption trick with ease, using a self-signed > certificate. > > And

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Victor Duchovni
On Tue, Oct 02, 2007 at 08:17:23PM +0200, Andreas Hellström wrote: > > Why do you need SSL anyway? If your network is secure, why encrypt? > > If traffic can be diverted, why not authenticate? > > Viktor, our network is secure, but clients outside our network will > access it over the internet. I

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Victor Duchovni
On Tue, Oct 02, 2007 at 08:01:25PM +0200, Andreas Hellström wrote: > David, thank you for answering. I really appreciate it as a newbie in > the SSL arena. > > As for the need of encryption, I didn't want the username/password to > be sent in clear. Because you are concerned about the network no

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Andreas Hellström
> Why do you need SSL anyway? If your network is secure, why encrypt? > If traffic can be diverted, why not authenticate? Viktor, our network is secure, but clients outside our network will access it over the internet. I'm concerned about the client sending his username/password in clear text over

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Andreas Hellström
David, thank you for answering. I really appreciate it as a newbie in the SSL arena. As for the need of encryption, I didn't want the username/password to be sent in clear. What model would you suggest yourself, given a large number of servers (50-100) that should be able to serve future clients

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Victor Duchovni
On Tue, Oct 02, 2007 at 07:16:19PM +0200, Andreas Hellström wrote: > Thanks for answering. The ADH ciphers are a little above my head right > now though. ;-) That means that what you are trying to do is beyond your present ability to understand; security is about threat models and mitigations, and

RE: Certificate/Key for Encryption Only?

2007-10-02 Thread David Schwartz
> As for the approach I'm sketching, I was under the impression that SSL > could function as easy as that, where the server has got a self-signed > certificate with a public and secret key, and then whatever client, > with a certificate on their own, could connect to the server with SSL > and get

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Andreas Hellström
Thanks for answering. The ADH ciphers are a little above my head right now though. ;-) As for the approach I'm sketching, I was under the impression that SSL could function as easy as that, where the server has got a self-signed certificate with a public and secret key, and then whatever client, wi

Re: Unsigned CRL and CRL v1

2007-10-02 Thread BSC
BSC wrote: > > Hello > > I need to generate unsigned (not signed by any certificate) CRL > > How can I do this? Maybe it is possible to crack signed CRL and erase a > signature? > > Please help > > Regards, > BSC > > P.S. > > How can I create a CRL of first version (version 1 instead of v

Re: Verifying a PDF that was signed with S-Trust

2007-10-02 Thread Dr. Stephen Henson
On Tue, Oct 02, 2007, Benjamin Fleckenstein wrote: > Hi all, > > I'm trying to verify a PDF that was signed with S-Trust Sign-IT. That's a > software sold by a German bank and used for qualified digital signatures. > > From a technical point of view it's just an SMIME Signature. > > I'm running thi

what version of openssl supports TLS 1.1?

2007-10-02 Thread Hung Lin
Hi, I would like to know since which version of openssl supports TLS 1.1. I tried the changelog webpage (http://www.openssl.org/news/changelog.html) but cannot find it. Please tell me if you know the answer or you know where to find the answer. Thank you. Thanks for your time. Hung Lin Sof

Re: Certificate/Key for Encryption Only?

2007-10-02 Thread Victor Duchovni
On Tue, Oct 02, 2007 at 08:43:04AM -0700, David Schwartz wrote: > > Andreas71 wrote: > > > I'm creating a web service in Erlang, using OpenSSL. I want the clients to > > communicate with the server over SSL. I'm only interested in the > > encryption > > part of SSL, so I don't need any certifica

RE: Certificate/Key for Encryption Only?

2007-10-02 Thread David Schwartz
Andreas71 wrote: > I'm creating a web service in Erlang, using OpenSSL. I want the clients to > communicate with the server over SSL. I'm only interested in the > encryption > part of SSL, so I don't need any certificates signed by Verisign/etc to > verify that the server really is The Server. Th

Re: how to verify that connection to s_server is successful?

2007-10-02 Thread Bernhard Froehlich
Deep Chand wrote: Thanks Ted for a quick reply. I can receive data as you suggested. I use this option on s_server. I guess it should do mutual authentication. Correct? s_server -cert "D:/ssl/src/Keys/usingUIforopenssl/servernewpublic.pem" -key "D:/ssl/src/Keys/usingUIforopenssl/servernewpriva

Verifying a PDF that was signed with S-Trust

2007-10-02 Thread Benjamin Fleckenstein
Hi all, I'm trying to verify a PDF that was signed with S-Trust Sign-IT. That's a software sold by a German bank and used for qualified digital signatures. From a technical point of view it's just an SMIME Signature. I'm running this command: [EMAIL PROTECTED]:~/test/openssl/strust$ openssl smime

Re: how to verify that connection to s_server is successful?

2007-10-02 Thread Deep Chand
Thanks Ted for a quick reply. I can receive data as you suggested. I use this option on s_server. I guess it should do mutual authentication. Correct? s_server -cert "D:/ssl/src/Keys/usingUIforopenssl/servernewpublic.pem" -key "D:/ssl/src/Keys/usingUIforopenssl/servernewprivate.pem" -CAfile "D:/s

Certificate/Key for Encryption Only?

2007-10-02 Thread Andreas71
This is somewhat new to me so I'm not really sure I describe it correctly. I spent an hour searching the forum without finding an answer, so I try posting instead. I'm creating a web service in Erlang, using OpenSSL. I want the clients to communicate with the server over SSL. I'm only interested i

Re: how to verify that connection to s_server is successful?

2007-10-02 Thread Bernhard Froehlich
Deep Chand wrote: Hi, I have written a test client in Java and am using openssl s_server to verify the connection, mutual authentication. I used keytool to generate self-signed certificates (JKS) and then used keytool UI (freeware) to generate the certs in PKCS#12/PEM format for openssl. I use

how to verify that connection to s_server is successful?

2007-10-02 Thread Deep Chand
Hi, I have written a test client in Java and am using openssl s_server to verify the connection, mutual authentication. I used keytool to generate self-signed certificates (JKS) and then used keytool UI (freeware) to generate the certs in PKCS#12/PEM format for openssl. I use the following command

Re: Questions about Ciphers and disabling sslv2

2007-10-02 Thread Richard Koenning
Rick King wrote: Hello List! I have a client that is using openssl version 0.9.7a Feb 19 2003. Recently, he ran a security audit on his machine, and the report came back stating the following: Vulnerability -- imaps (993/tcp) - 21643 Synopsis : The remote service supports the use of weak SS

Re: OpenSSL FIPS AES Anomaly

2007-10-02 Thread Dr. Stephen Henson
On Mon, Oct 01, 2007, Bill Colvin wrote: > > One might expect that aes-256-cbc would operate the same regardless of > whether it is FIPS mode or not. Am I missing something here? > > You aren't just using aes-256-cbc you are also using a key derivation algorithm that converts the password in

Re: error while loading shared libraries

2007-10-02 Thread Marek Marcola
Hello, > I compile ssl_server.c (attachment file), then I run it. But there is > an error that appears below: > > [EMAIL PROTECTED] Codevidu]# gcc -o ssl_server ssl_server.c -lssl > -lcrypto > [EMAIL PROTECTED] Codevidu]# ./ssl_server 8000 > ./ssl_server: error while loading shared > libraries: /lib/l

Re: SSL_get_shared_ciphers fix warrant 0.9.7n/0.9.8f releases?

2007-10-02 Thread Lutz Jaenicke
Victor Duchovni wrote: > We have received advisories about a recent off-by-one DoS in > SSL_get_shared_ciphers() patched in CVS for 0.9.7m and 0.9.8e. > > Should we patch and rollout updated 0.9.7m/0.9.8e or wait a short time > for 7n/8f? > > There will eventually be new releases in the near fut

error while loading shared libraries

2007-10-02 Thread Khanh Nguyen
Hi all of you, I compile ssl_server.c (attachment file), then I run it. But there is an error that appears below: [EMAIL PROTECTED] Codevidu]# gcc -o ssl_server ssl_server.c -lssl -lcrypto [EMAIL PROTECTED] Codevidu]# ./ssl_server 8000 ./ssl_server: error while loading shared libraries: /l