On 09/13/2010 10:12 PM, Paul B. Henson wrote:
On Mon, 13 Sep 2010, Tim Hudson wrote:
You need to correct your server configuration so that it correctly sends
out the chain.
Ok, I figured out what was wrong. I only had the SSLCertificateChainFile
configured in the specific ssl virtual host, b
Hi David/Stefan,
Thanks for the reply.
The core of the problem was that after calling i2d_PUBKEY() issuer_pubkey
was pointing to end of the buffer.
Interesting part is why it was working [same pubkey data] all time in single
test program and not my application.
In single test program, issuer_pbuke
> From: owner-openssl-us...@openssl.org On Behalf Of ZK_ALI
> Sent: Monday, 13 September, 2010 08:49
> openssl smime -sign ... -signer
> certificate = abc.p7b
> Loading 'screen' into random state - done
> unable to load certificate
> 2140:error:0906D06C:PEM routines:PEM_read_bio:no sta
On Mon, 13 Sep 2010, Tim Hudson wrote:
> You need to correct your server configuration so that it correctly sends
> out the chain.
Ok, I figured out what was wrong. I only had the SSLCertificateChainFile
configured in the specific ssl virtual host, but not the default ssl
virtual host. When I add
On 9/13/10 2:58 PM, Paul B. Henson wrote:
On Mon, 13 Sep 2010, Chris wrote:
Be careful you are not checking the web server from a browser that has
the intermediate certificate installed.
I initially installed just the new cert on the web server, and the web
browsers were generating cert secur
Hi Paul,
Can you test the SSLCertificateChainFile instructions from the following
site : http://www.cam.ac.uk/cs/tlscerts/deploying-thawte.html?
Your problem could come from the fact that your Apache
SSLCertificateChainFile configuration is missing the Thawte Cross Root
CA that links "thawte
On Mon, 13 Sep 2010, Tim Hudson wrote:
> Try gnutls without the TLS extensions processing occurring and you will
> see that the server is not sending back the certificate chain:
Hmm, so the server isn't volunteering the chain, but if the client is smart
enough to ask for it it will provide it :)?
> From: owner-openssl-us...@openssl.org On Behalf Of
muell...@mathematik.hu-berlin.de
> Sent: Monday, 13 September, 2010 05:08
> > md5(admin [NO NEWLINE])= 21232f297a57a5a743894a0e4a801fc3
> The next step is to understand the insertion of salt. I tried to
> understand 'enc.c' and 'evp_key.c', f
On Mon, 13 Sep 2010, Chris wrote:
> Be careful you are not checking the web server from a browser that has
> the intermediate certificate installed.
I initially installed just the new cert on the web server, and the web
browsers were generating cert security errors. I then went back and added
the
On Mon, 13 Sep 2010, Ashish Thapliyal wrote:
> From the openssl s_client log it looks like the server is not sending the
> whole certificate chain. You should be seeing something like: cert>
>
> I am not familiar with apache, but from the documentation at
> http://www.apache-ssl.org/docs.html#
Be careful you are not checking the web server from a browser that has the
intermediate certificate installed.
Obtain the root certificate - and only the root certificate - that is likely to
be present in a random user's browser and save it as thawte_root_cert.pem
openssl s_client -verify 10 -C
>From the openssl s_client log it looks like the server is not sending the
>whole certificate chain. You should be seeing something like:
I am not familiar with apache, but from the documentation at
http://www.apache-ssl.org/docs.html#SSLCACertificateFile, my guess is that you
have not adde
We just installed our first Thawte cert that uses their intermediate CA's,
and it's not going as smoothly as I'd like.
It's installed on an Apache server with mod_ssl, and I added the
intermediate root CA's to the apache config with the SSLCACertificateFile
directive. Web browsers seem happy with
Solaris 9 117560-06 & 111* patch for libm.so, I think might fix this.
Do a search on sunsolve.
--- "BISHT, SEEMANT (SEEMANT)" wrote:
> > > > > > > class=459000609-17082010>Can you please tell me how to compile
openssl li> brary
> in 64-bit type? As when compiling the openssl, and checking
Hi there,
I wrote a server-like program in charge of verifying incoming users'
X.509 certificates
using a list of CAs and their associated CRLs.
The program uses a global X509_STORE to hold CA certificates and CRLs.
The global X509_STORE is built during the initialization of the server
using X
Hi,
> To: openssl-...@openssl.org, openssl-users@openssl.org
One list really would have been enough ...
(snipp)
> issuer_pubkey = malloc(issuer_pubkey_len);
> i2d_PUBKEY(pubKey, &issuer_pubkey);
The fact that you need to pass the _address_ of issuer_pubkey hints
at amodification of
>> i am wondering how key derivation in openssl works, I got
>>
>> > > openssl enc -des -P -k 'admin' -nosalt
>> key=21232F297A57A5A7
>> iv =43894A0E4A801FC3
>>
>> as far i understand the documentation, in this setting the
>> key and iv are
>> just taken from
>>
>> md5(admin)=456b7016a916a4b178dd72
On September 11, 2010 10:58:44 am kummers wrote:
> Please, help me:
>
>
> How can I edit a CSR, i neew to chane the filds, for axample. edit the
> common name, I've been looking but have not found anything in the forum
>
You cannot edit a CSR - it is a signed structure - why don't you just re-
g
Dear Expert,
I am unable to sign using the following command
openssl smime -sign -in -out
-outform pem -inkey -signer
Where input filename = 1.txt
output filename = 2.txt
certificate = abc.p7b
Content of 1.txt is as follow
This is testing file for attachement.
On 9/12/2010 11:38 PM, Raj Singh wrote:
issuer_pubkey_len = i2d_PUBKEY(pubKey, NULL);
issuer_pubkey = malloc(issuer_pubkey_len);
i2d_PUBKEY(pubKey, &issuer_pubkey);
memory_dump("issuer_pubkey", issuer_pubkey, issuer_pubkey_len);
The problem, is issuer_pubkey buffer is different each time, I run
hello all.
I am trying to use AES128ctr mode in openssl. I am using my hardware driver for
the same for encryption and decryption through openssl. Encryption is working
fine but during decryption it gives bad decryption error. I am using the
following commands
openssl enc -e -in infile -out en
Please, help me:
How can I edit a CSR?
Thanks,
--
View this message in context:
http://old.nabble.com/EDIT-FILDS-CSR-tp29673141p29673141.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Projec
Hi
Please how can i edit a CSR?
Regards,
Emmanuel Guiton wrote:
>
> Hello,
>
> Thank you, it works like a charm.
> Just have to solve the date problem, now.
>
> - Emmanuel
>
>
> Marek Marcola wrote:
>> Hello,
>>
>>
>>>In the issuer and subject fields, I must include a dnQualifier
Hello,
i am wondering how key derivation in openssl works, I got
> openssl enc -des -P -k 'admin' -nosalt
key=21232F297A57A5A7
iv =43894A0E4A801FC3
as far i understand the documentation, in this setting the key and iv are
just taken from
md5(admin)=456b7016a916a4b178dd72b947c152b7
but obviousl
24 matches
Mail list logo
