RE: Need help with signing a csr with a openssl generated CA.

> From: owner-openssl-us...@openssl.org On Behalf Of Andy GOKTAS > Sent: Friday, 27 August, 2010 13:00 > To: openssl-users@openssl.org > Subject: Need help with signing a csr with a openssl generated CA. > > Hello, > > We're trying to generate self signed certs and don't seem to > keep the att

RE: Fallback certs

> From: owner-openssl-us...@openssl.org On Behalf Of Devin Ceartas > Sent: Friday, 27 August, 2010 16:21 > To: openssl-users@openssl.org > Subject: Fallback certs > > Is it possible to have a preferred certificate (say, one I created > myself and signed with my own root) and have connections to

RE: Verify X.509 certificate, openssl verify returns bad signature

> From: owner-openssl-us...@openssl.org On Behalf Of Peter Sylvester > Sent: Sunday, 29 August, 2010 05:44 > The encoding is invalid BER. > The openssl is tolerant but also destructive in copy. > > whenever you use openssl x509 -in -out ... you remove one > leading 0 octet. > > IMHO openssl sh

RE: Connection Resetting

> From: owner-openssl-us...@openssl.org On Behalf Of Sam Jantz > Sent: Friday, 27 August, 2010 18:16 > I have a question concerning Keep-Alives. I'm writing a SSL proxy > (which is working great except for this issue) and every time I > [POST about 470KB rather than about

Re: Verify X.509 certificate, openssl verify returns bad signature

On 08/29/2010 07:38 PM, Mounir IDRASSI wrote: Hi Peter, Thank you for your comments. As I said, this kind of debates can be very heated and going down this road don't lead usually to any results. The debate may be whether and how something should be done in openssl, I admit I had started that

Re: Verify X.509 certificate, openssl verify returns bad signature

On 08/29/2010 01:20 PM, Mounir IDRASSI wrote: Hi Peter, Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CA's and libraries treat this field as a blob and usually encode it on a fixed length

Need help with signing a csr with a openssl generated CA.

Hello, We're trying to generate self signed certs and don't seem to keep the attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs specified in openssl.cfg drop off the server cert after signed, thus creating a V1 cert). Here is an example of the syntax I'm using:

Need help with signing a csr with a openssl generated CA.

We're trying to generate self signed certs and don't seem to keep the attributes after a csr is signed by a self generated CA via openssl (i.e.: OIDs specified in openssl.cfg drop off the server cert after signed, thus creating a V1 cert). Here is an example of the syntax I'm using: Generat

Re: Verify X.509 certificate, openssl verify returns bad signature

Hi Peter, Although the certificate's encoding of the serial number field breaks the BER specification about the minimal bytes representation, it is known that many CA's and libraries treat this field as a blob and usually encode it on a fixed length basis without caring about leading zeros. Specif

Re: Verify X.509 certificate, openssl verify returns bad signature

The encoding is invalid BER. The openssl is tolerant but also destructive in copy. whenever you use openssl x509 -in -out ... you remove one leading 0 octet. IMHO openssl should reject the cert because of invalid encoding. On 08/29/2010 04:17 AM, Mounir IDRASSI wrote: Hi, The problem you a