Re: adding crldistributionpoints without re-issuing the CA ?

2010-11-12 Thread Per Jessen
Patrick Patterson wrote: > Hi there: > > On 2010-11-12, at 12:04 PM, Per Jessen wrote: > >> I've discovered that Microsoft Exchange 2007, presumably also 2010, >> expects to have/check a CRL when setting up TLS for an SMTP >> connection. So far, I have not found a way to disable this check. >>

Re: compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
Thanks Erik. I think that I could solved my problem. At least the project compiles. ;) Best regards from Chile. gabriel 2010/11/12 Erik Tkal > Are you linking with ws2_32.lib? > > > > *Erik Tkal** > *Juniper OAC/UAC/Pulse Development > > *From:* owner-o

Re: compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
Hi Users. Me again, but this time I write to share the solution to my problem ;) To use openssl in Dev-C++ on Windows: 1.- Install Win32 OpenSSL v1.0.0aor Win32 OpenSSL v1.0.0a Light

Re: adding crldistributionpoints without re-issuing the CA ?

2010-11-12 Thread Patrick Patterson
Hi there: On 2010-11-12, at 12:04 PM, Per Jessen wrote: > I've discovered that Microsoft Exchange 2007, presumably also 2010, > expects to have/check a CRL when setting up TLS for an SMTP connection. > So far, I have not found a way to disable this check. > > Our root CA does not have a 'crlDi

adding crldistributionpoints without re-issuing the CA ?

2010-11-12 Thread Per Jessen
I've discovered that Microsoft Exchange 2007, presumably also 2010, expects to have/check a CRL when setting up TLS for an SMTP connection. So far, I have not found a way to disable this check. Our root CA does not have a 'crlDistributionPoints' setting, is it possible to add this without having

RE: compiling openssl dev-c++

2010-11-12 Thread Erik Tkal
Are you linking with ws2_32.lib? Erik Tkal Juniper OAC/UAC/Pulse Development From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of g A b R i E L Sent: Friday, November 12, 2010 10:56 AM To: openssl-users@openssl.org Subje

compiling openssl dev-c++

2010-11-12 Thread g A b R i E L
Hi Users. How I can compiling openssl in dev-c++ for Windows? I tried with -lssl and -lcrypto in linker option (Project->Project Options->Parameters->Linker), but it not work. Part of Compile log is: " C:/Dev-Cpp/lib/libcrypto.a(bss_conn.o)(.text+0x40):bss_conn.c: undefined reference to `conn.

reading DER encoded RSA cert file

2010-11-12 Thread furrbie
Hi, I am trying to read in a DER encoded RSA public key using d2i_X509_fp(); I have generated an RSA key using openssl with the following commands: 1. openssl genrsa -out privkey.pem 2048 2. openssl rsa -pubout -in privkey.pem -out pubkey.der -outform der In my C++ program, I coded the followi

Terminate chain at intermediate certificate.

2010-11-12 Thread Dimitrios Siganos
Hi, Is there a way to instruct openssl to treat an intermediate CA as a trusted CA, which need not have its issuer checked i.e. it will be the last certificate of the certificate chain. It seems that openssl insists on always terminating a chain at a self-signed certificate. However, in this case

Legal RSA exponents

2010-11-12 Thread Kenneth Goldman
OpenSSL will hang if one asks it to create a key with an illegal (e.g., even) public exponent. Is there a simple test for a legal public exponent? If not, is there a list of commonly used ones. 3,17,65537, ...

Re: Option -issuer_hash vs signature validation with -CAfile?

2010-11-12 Thread Jens Lechtenboerger
On 2010-11-09, Dr. Stephen Henson wrote: > On Tue, Nov 09, 2010, Jens Lechtenboerger wrote: > >> Hi there, >> >> I received an SMIME certificate and want to know the correct >> filename to use in the command "openssl smime -verify -CAfile >> ..." >> > > The hash based filename doesn't apply to t

Re: certificate chain

2010-11-12 Thread Petr
thx Hi Peter: On 2010-11-12, at 5:21 AM, Petr wrote: Hi, I need create Root CA and Sub CA, which will release certificate for web server and will have certificate chain ok. I tried it myself but all certificates were damaged and useless. Can me anyone please write a step by step manual?

Re: certificate chain

2010-11-12 Thread Patrick Patterson
Hi Peter: On 2010-11-12, at 5:21 AM, Petr wrote: > Hi, > I need create Root CA and Sub CA, which will release certificate for web > server and will have certificate chain ok. I tried it myself but all > certificates were damaged and useless. > Can me anyone please write a step by step manual?

certificate chain

2010-11-12 Thread Petr
Hi, I need create Root CA and Sub CA, which will release certificate for web server and will have certificate chain ok. I tried it myself but all certificates were damaged and useless. Can me anyone please write a step by step manual? Peter