Well, those attributes will work (minus the IKE one - it was not
recognized) but the Watchguard does not assign it with a type of
IPSec, so I've contacted Watchguard support to request the expected
extended attributes for this. I will post a reply as soon as I know.
On Tue, Aug 26, 2008 at 1:41 PM,
This is a bug, per RFC 4549. Please submit a report to your vendor.
(The semantics of the OIDs were never well-defined, and they have been
obsoleted -- according to RFC4549, having keyUsage=digitalSignature
and no EKU should work for IPsec.)
In the [new_oids] section, add new lines:
pkixeku=1.3.
Hi Chris:
Chris Zimmerman wrote:
> Thanks to all of you in your assistance. With the recommended changes
> to the openssl.cnf file, I have successfully signed the CSR from the
> Watchguard box and imported it as a web cert (the Type that the
> Watchguard box sees). However, in order to use it fo
Hi All
I have been using this API to dump in my statistics logs whether the
SSL session is reused or not in a Windows OpenSSL-based client.
Everything was good till I was using 9.7e. The session reuse works
fine and the logs were correctly showing session reused as 1 and
sniffer traces rec
Thanks to all of you in your assistance. With the recommended changes
to the openssl.cnf file, I have successfully signed the CSR from the
Watchguard box and imported it as a web cert (the Type that the
Watchguard box sees). However, in order to use it for VPN tunnels,
the device needs it to be a
I have a program recently linked against 0.9.8g and it bombs out with:
read: received SSL error 1 (ret = -1)
error:140D5042:SSL routines:SSL3_CTRL:called a function you should not call
Anyone got any clues what could be the source of this problem?
It is extremely time-critical to a software deploy
Please remove yourself from the openssl mailing list following the
instructions at the bottom of this email.
-Kyle H
On Tue, Aug 26, 2008 at 11:56 AM, <[EMAIL PROTECTED]> wrote:
> I have no idea who you are, or what you are talking about, but, obviously you
> are sending this mail to the wrong adr
I have no idea who you are, or what you are talking about, but, obviously you are
sending this mail to the wrong address. Please check your source, and try a
different e-mail address.
Chris:
On Tuesday 26 August 2008 12:58:22 Kyle Hamilton wrote:
> There is no ExtendedKeyUsage extension.
>
> To fix this, in your openssl.cnf file in section [usr_cert] there is a
> commented-out line that needs to be uncommented.
> # keyUsage = nonRepudiation, digitalSignature, keyEncipherment
>
[usr_cert] is the appropriate section.
This is above the [v3_req] section, at least in the vanilla 0.9.8h sources.
-Kyle H
On Tue, Aug 26, 2008 at 10:33 AM, Chris Zimmerman
<[EMAIL PROTECTED]> wrote:
> What is the appropriate section?
>
> Sorry if this is a basic question, but I am working on im
What is the appropriate section?
Sorry if this is a basic question, but I am working on improving my knowledge.
On Tue, Aug 26, 2008 at 10:24 AM, Patrick Patterson
<[EMAIL PROTECTED]> wrote:
> Chris:
>
> On Tuesday 26 August 2008 12:58:22 Kyle Hamilton wrote:
>> There is no ExtendedKeyUsage exten
thanks for catching that. :)
-Kyle H
On Tue, Aug 26, 2008 at 10:24 AM, Patrick Patterson
<[EMAIL PROTECTED]> wrote:
> Chris:
>
> On Tuesday 26 August 2008 12:58:22 Kyle Hamilton wrote:
>> There is no ExtendedKeyUsage extension.
>>
>> To fix this, in your openssl.cnf file in section [usr_cert] the
There is no ExtendedKeyUsage extension.
To fix this, in your openssl.cnf file in section [usr_cert] there is a
commented-out line that needs to be uncommented.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
Then generate a new certificate.
-Kyle H
On Tue, Aug 26, 2008 at 9:20 A
Here's the cert for the Watchguard:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 15 (0xf)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=TX, L=Somewhere, O=Company, OU=System,
CN=Company Root CA/[EMAIL PROTECTED]
Validity
N
Good morning. I need help to renew licences which are used for connections of
OpenVPN servers using OpenSSL.
All are due. The question is: If ending this time of the certificate, how do I
create another certificate without losing the VPN connection? According to the
manual to create a certificat
openssl x509 -in [filename] -noout -text -inform PEM
-Kyle H
On Tue, Aug 26, 2008 at 8:44 AM, Chris Zimmerman
<[EMAIL PROTECTED]> wrote:
> That command seems to have a syntax problem, showing: "unknown option
> [cert.pem-inserted my cert here]"
>
>
>
> On Mon, Aug 25, 2008 at 10:55 PM, Tim Hudson
That command seems to have a syntax problem, showing: "unknown option
[cert.pem-inserted my cert here]"
On Mon, Aug 25, 2008 at 10:55 PM, Tim Hudson <[EMAIL PROTECTED]> wrote:
> Chris Zimmerman wrote:
>>
>> I am working to setup a Watchguard firewall with x509 certs for VPN
>> tunnels. I have c
Hi Chris:
On August 26, 2008 01:06:00 am Chris Zimmerman wrote:
> I am working to setup a Watchguard firewall with x509 certs for VPN
> tunnels. I have created my own CA on my laptop and I have created a
> CSR on the Watchguard product. I have then signed the CSR with my CA
> certificate success