Re: Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
We diagnosed the problem. Our keystore is missing the private key. Java code to export the private key fails. Even IBM keyman shows only certificates. It is not as if somebody can delete the private key from the keystore ? Mohan On Sat, Dec 5, 2009 at 6:28 AM, Dave Thompson wrote: >> From: owne

Re: libcrypto.so.4 from openssl sources?

2009-12-04 Thread John R Pierce
Dave Thompson wrote: IME OpenSSL doesn't install into system locations like /lib by default. You could specify --installdir and/or --prefix; or IME probably better, install someplace like /usr/local/ssl or even /usr/local/replace-openssl-0.9.8l and then create links from the system locations to

RE: libcrypto.so.4 from openssl sources?

2009-12-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Hall, Leam > Sent: Friday, 04 December, 2009 14:14 >We have to remove vendor supplied openssl.0.9.7.a and install from source 0.9.8L. > Removing vendor openssl package also removes /lib/libcrypto.so.4, and that breaks > lo

RE: Cipher suite not available

2009-12-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan > Sent: Friday, 04 December, 2009 05:54 > > We see this message "no available certificates or key > corresponding to the cipher suites" even before establishing a > handshake. It is a mutual handshake. So keystores and

Re: SHA-1() question

2009-12-04 Thread Sebastián Treu
First of all, I say sry to Kenneth personally as he answers the mail to my personal address and every time I hit reply I didn't realize that I was sending mails to him. Sry Kenneth... In what topic concern I was replying that with a little of work I understand how sha-1 format is with the 4bit hexad

Re: libcrypto.so.4 from openssl sources?

2009-12-04 Thread John R Pierce
Hall, Leam wrote: First post, seeking help on the topic that will consume me for the next two weeks... We have to remove vendor supplied openssl.0.9.7.a and install from source 0.9.8L. Removing vendor openssl package also removes /lib/libcrypto.so.4, and that breaks lots of things like ssh.

Re: Cipher suite not available

2009-12-04 Thread Kyle Hamilton
"No available certificates or key corresponding to the cipher suites" may also be associated with not calling SSL_CTX_use_RSAPrivatekey[_*](3ssl), or the private key not matching the public key in the certificate. use_certificate first, then use_RSA_Privatekey. And don't forget to call SSL_CTX_ch

Re: libcrypto.so.4 from openssl sources?

2009-12-04 Thread Cristian Thiago Moecke
make build-shared will generate so file. But I'm not sure, but I don't think you can simply get rid of the 0.9.7 openssl... I'll let this to the others to tell... I guess It may be better put openssl 0.9.8 on a different folder... 2009/12/4 Hall, Leam > First post, seeking help on the topic th

libcrypto.so.4 from openssl sources?

2009-12-04 Thread Hall, Leam
First post, seeking help on the topic that will consume me for the next two weeks... We have to remove vendor supplied openssl.0.9.7.a and install from source 0.9.8L. Removing vendor openssl package also removes /lib/libcrypto.so.4, and that breaks lots of things like ssh. I didn't find libcry

Re: ENGINE_load_private_key and PIN codes

2009-12-04 Thread Thomas Harning Jr.
On Thu, Dec 3, 2009 at 11:34 AM, Frederik Mennes wrote: > Hi everyone, > > I am using following function to load a private key from a certain slot of a > HSM: >     EVP_PKEY *ENGINE_load_private_key(    ENGINE *e, >            const char *key_id, >  

Regarding openssl aes, sha

2009-12-04 Thread Sagar Dixit
Hi, I'm trying to trace the openssl library functions when called from apache2 server. I've put log messages in all functions of C files in openssl-0.9.8g/crypto/aes directory and configured the apache2 server to use the modified libcrypto.so I've configured my mozilla firefox browser to use only

Re: Stunnel 4.29 released

2009-12-04 Thread Michal Trojnara
Carter Browne wrote: > I think it is a problem with your website - the copy on the backup site > works properly. With all due respect ftp://stunnel.mirt.net/stunnel/ is hardly a website... Best regards, Mike

Re: Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
Possibly not. I meant that there could be 3 problems 1. Algorithm mismatch 2. Certificate imported in an incorrect keystore. 3. No trusted certificate chain. Trying to home in on one of the problems. Thanks, Mohan On Fri, Dec 4, 2009 at 4:24 PM, Mohan Radhakrishnan wrote: > Hi, > >     We see

Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
Hi, We see this message "no available certificates or key corresponding to the cipher suites" even before establishing a handshake. It is a mutual handshake. So keystores and truststores are there on both sides. Algorithms are RSA. Could this be caused due to a RSA bit size mismatch ? Would

Re: SSL/TLS renegotiation attack

2009-12-04 Thread Michael Ströder
sandeep kiran p wrote: > Ours is an LDAP directory enabled application where we use SSL/TLS to > protect binds to the directory. Right now we are using OpenSSL 0.9.8g to > do this. Our application depends on external directory servers for > authentication which are not maintained by us. So it is on

How to read PEM certificate chains?

2009-12-04 Thread Jeremie Le Hen
Hi list, I've built a PEM certificate chain using this method: cat certs/01.pem subCA.pem CA.pem > certs/01chain.pem (As a side note, I think it should be documented somewhere in the manpages, as I had to grope through the web to find the answer.) It seems to work for my server using it (no
