No, you are not allowed to use MD5 for a checksum. The only reason
TLS skates around it (and can use MD5 internally) is because TLS
defines its PRF as an XOR of 5 rounds of MD5 against 4 rounds of
SHA-1, and SHA-1 is still secure enough.
-Kyle H
On Tue, Aug 18, 2009 at 5:42 AM, Pandit Panburana
Hello,
I have installed Win32OpenSSL-0_9_7m.exe. I am unable to proceed further
on how to extract the spc and pvk files from the pfx file I have.
It would be of great help if any suggestions are provided; I don't see
any utility listed for OpenSSL in my programs list as well.
Where should
Hello guys
I have created three certificates: a root CA cert, a subRoot CA cert and
one client cert using M2Crypto. When I try to verify the trust chain I
receive 'unable to get issuer certificate'
These are the steps I walked:
# my certificates
$ ls *.crt
client.crt rootCA.crt subRootCA.crt
Azlan wrote:
>
> Hello everyone. I'm working with an application in which a module should
> read a "pem" certificate successfully. I've written 2 types of programs,
> but both are failing (PEM_read constantly returning null). Here are my
> codes..
>
>
> #include
> #include
> #include
> #inc
Dear list,
another trial. ;)
We need to validate the existence and value of an X.509 extension in a client
certificate from within Apache/mod_ssl. The extension "Admission" is described
by ISIS-MTT and has OID 1.3.36.8.3.3:
AdmissionSyntax ::= SEQUENCE {
admissionAuthority GeneralName OPTI
Can you send the commands that you are using to run s_server and s_client?
On Tue, Aug 18, 2009 at 4:43 AM, vishal saraswat <
vishalsaraswat...@gmail.com> wrote:
> Hi all,
>
> I am sorry, I forgot to tell you that the final PEM I create is composed of
> key and certificate both.
>
> cat server_ke
Hello,
Yes, you are right. I can do it using the 'ca' command. Thanks for the
hint.
Gerald
On Tue, Aug 18, 2009 at 11:48 AM, Serge Fonville
wrote:
> Why don't you use the ca command?
>
>
> On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich wrote:
>
>> Hello,
>>
>> So I have played arr
I could be wrong with this but I think it might be possible to use MD5 for the
purpose of checksum (fancy). I also believe HMAC_MD5 part of SSL/TLS is
acceptable.
Regards,
- Pandit
From: David Schwartz
To: openssl-users@openssl.org
Sent: Monday, August 17,
Remove
--- On Tue 18.8.09, David Schwartz wrote:
From: David Schwartz
Subject: RE: FIPS 14-2 vs MD5
To: openssl-users@openssl.org
Date: Tuesday 18 August 2009, 1:40
Roger No-Spam wrote:
> When building openssl in FIPS 140-2 mode, the MD5 algorithm is
> not available for use. There are,
Well, I am also getting the same verify error (7), but the connection does not
break.
On Tue, Aug 18, 2009 at 5:13 PM, vishal saraswat <
vishalsaraswat...@gmail.com> wrote:
> Hi all,
>
> I am sorry, I forgot to tell you that the final PEM I create is composed of
> key and certificate both.
>
> cat s
Hi all,
I am sorry, I forgot to tell you that the final PEM I create is composed of
key and certificate both.
cat server_key.pem server server_cert.pem > server.pem
I read on some blogs that some servers require both to be in one file; that's
why, to be on the safer side, I started following this practice
Thanks guys,
All these comments helped a lot ! Things are working for me now.
On Tue, Aug 18, 2009 at 4:48 PM, Goetz Babin-Ebell wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> vishal saraswat wrote:
> | Hi Serge,
> Hello vishal,
>
> | I use the following commands to start the serv
On Tue, Aug 18, 2009, Gerald Iakobinyi-Pich wrote:
> Hello,
>
> So I have played around a little bit more yesterday, but with the same
> result.
> Attached is the openssl.cnf I am using. The problem is the same, I do
> not know how to override the subject information from the config file
>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
vishal saraswat wrote:
| Hi Serge,
Hello vishal,
| I use the following commands to start the server and the client :
|
| Server:
| openssl s_server -accept // -cert //
You do know that the server needs the private key and the certificate to
work?
You should also provide the server's private key to the "openssl s_server"
command. From above, I see that your server's private key is server-key.pem,
therefore your command should be something like:
openssl s_server -accept ** -cert * -key
server-key.pem*
Here server-key.pem would be your serve
Hi Serge,
I followed this link but landed into the same problem.
I use the following commands to start the server and the client :
Server:
openssl s_server -accept ** -cert **
Client:
openssl s_client -connect localhost:**
I was wondering, do I need to do anything specific for client certifica
I forgot,
I used this as examples
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
Also, googling on openssl certificate authority seems to help
On Tue, Aug 18, 2009 at 10:51 AM, Serge Fonville
wrote:
> The request is signed with the ca private key.
> What command do you use when you start the
The request is signed with the ca private key.
What command do you use when you start the s_server
HTH
Regards,
Serge Fonville
On Tue, Aug 18, 2009 at 10:38 AM, vishal saraswat <
vishalsaraswat...@gmail.com> wrote:
> Hi,
>
> To my surprise, I tried the same steps and I am getting a similar kin
Why don't you use the ca command?
On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich
wrote:
> Hello,
>
> So I have played around a little bit more yesterday, but with the same
> result.
> Attached is the openssl.cnf I am using. The problem is the same, I do
> not know how to override t
Hi,
To my surprise, I tried the same steps and I am getting a similar kind of
error.
Please help me as well, if you get a solution.
Thanks and regards,
Vishal
On Tue, Aug 18, 2009 at 1:32 AM, Abhishek Kane wrote:
> Hi,
>
> I am using the following steps to create CA & server certificate:
>
> 1. C
Hi,
I am using the following steps to create CA & server certificate:
1. Create CA certificate
shell> openssl genrsa 2048 > ca-key.pem
shell> openssl req -new -x509 -nodes -days 1000 \
-key ca-key.pem > ca-cert.pem
2. Create server certificate
shell> openssl req -newkey rsa:2048 -da
Hello
I'm trying to import ecdsa certificates for a java server using the java
keytool utility. After having had trouble with openssl generated
certificates, I generated a certificate using the keytool utility to see
what the difference is. Upon running the "openssl x509 -in cert.crt
-noout -
I find this also annoying, but I don't know where this comes from ... :(.
Any ideas ?
2009/8/17 Serge Fonville
> I'm not sure about you guys, but I find this very annoying
>
> 2009/8/17
>
>> This is an automatically generated notification about the
>> delivery status.
>>
>> Übermittl
Hello,
So I have played around a little bit more yesterday, but with the same
result.
Attached is the openssl.cnf I am using. The problem is the same, I do
not know how to override the subject information from the config file
(specified in the "req_distinguished_name" section), from the comm