Re: revoking crt

2011-07-18 Thread Daniel Spannbauer
On 07/18/2011 08:09 PM, y...@inbox.lv wrote: > is that really a self signed certificate? For self signed certificates > names of issuer > are the same as names of subject. In your example OU and CN are not the > same. > Also, according to wikipedia, self signed certificates (root > certificates)

Verify a certificate

2011-07-18 Thread Mailing List SVR
Hi, I need to verify the attached certificate (cert.bin) and read the asn1 info stored in it. I'm using the following commands: openssl smime -verify -in cert.pem -inform pem -CAfile "signer.pem" > cert.data and then: openssl asn1parse -inform DER -in cert.data now if the signer gives me "

Re: Trying to Link Statically to Libcrypto

2011-07-18 Thread brandonshw
Actually, I was advised to put libssl after libcrypto. I don't recall being told to put libssl after libldap. Also, knowing that order matters is of little use if you don't grasp what the order should be. I did show the link command in a previous post, but admittedly not up to date with t

RE: revoking crt

2011-07-18 Thread yyyy
If that CRL is trying to revoke that root certificate, what in that CRL could be forged? CRL can only revoke a CRT, not unrevoke, right? I know, that when revoking a certificate, CRL is signed by certificate issuer (CA), is there a reason, why a (small) CRL could not be signed by certifica

RE: Trying to Link Statically to Libcrypto

2011-07-18 Thread Jeremy Farrell
The output is little or no help in knowing specifically what you've done wrong. What link command line did you use? The most likely explanation of this is that you still haven't done what several different people here have advised you several times, including in the messages quoted below - made

RE: revoking crt

2011-07-18 Thread Erik Tkal
Self-signed certs cannot be revoked, because if the private key were compromised then CRLs could be forged. Trusted roots by definition are explicitly trusted, and are usually placed in a secure location (e.g. local system trusted root store), and this set is usually updated as part of the OS.

Re: Query regarding OpenSSL 0.9.8

2011-07-18 Thread Victor Duchovni
On Fri, Jul 15, 2011 at 01:17:36PM +0800, Kumar, Nilesh wrote: > I have few queries regarding OpenSSL 0.9.8 : > > 1. Does it have 64-bit support? If not, which version(s) support > 64-bit arch? Yes, on many 64-bit CPU architectures. > > 2. RHEL version(s) supported None. The softw

Re: Converting ECC public key point-compressed and uncompressed

2011-07-18 Thread Erwin Himawan
I am able to convert the ECC key from compressed to uncompressed (and vice versa) using the "EC_KEY_set_conv_form" call . On Sun, Jul 17, 2011 at 10:30 AM, Erwin Himawan wrote: > Marti, thanks for your response. > > Erwin > > --** > From: "Martin

Re: revoking crt

2011-07-18 Thread yyyy
is that really a self signed certificate? For self signed certificates names of issuer are the same as names of subject. In your example OU and CN are not the same. Also, according to wikipedia, self signed certificates (root certificates) cannot be revoked, although I do not understand wh

Re: ECDSA public key token to/from binary

2011-07-18 Thread Dr. Stephen Henson
On Fri, Jul 15, 2011, Kenneth Goldman wrote: > I have to extract a binary (unsigned char *) representation of a public > key from an ECDSA openssl key structure. Later, I want to use that binary > to reconstruct an openssl public key structure that I can use to verify a > signature. The curve

Re: Trying to Link Statically to Libcrypto

2011-07-18 Thread brandonshw
I put the -static where it belongs. Here is a partial list of the output: /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.a(tls_o.o): In function `tlso_sb_close': (.text+0xa6): undefined reference to `SSL_shutdown' /usr/lib/gcc/i586-redhat-linux/4.4.1/../../../libldap.a(tls_o.o): In fun

Re: ECDSA public key token to/from binary

2011-07-18 Thread Billy Brumley
Dear Ken, One way to accomplish this is something along the lines of EC_POINT *EC_KEY_get0_public_key(const EC_KEY *); where EC_KEY is the key structure, returning the point as an EC_POINT structure, followed by int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *, const EC_POINT *, BIGNUM

revoking crt

2011-07-18 Thread Daniel Spannbauer
Hello, I use self-signed certificates for my VPN. Now, I try to revoke a crt. I called: openssl ca -revoke edge.crt -config vpn.conf But I get the error: "ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge am/emailAddress=xxx" The header of the crt: Certificate: Data: Vers

Re: Adding Multiple Root certificates in Openssl

2011-07-18 Thread Michel
Hi Mayur Hope the links below help answer your question : http://www.openssl.org/docs/crypto/pem.html http://www.umich.edu/~x509/ssleay/x509_store.html http://www.openssl.org/docs/ssl/SSL_CTX_load_verify_locations.html# Best regards Michel On 18/07/2011 05:38, Mayur Premi wrote: [Mayur]

Re: Adding Multiple Root certificates in Openssl

2011-07-18 Thread Ciprian Pavel
Hi Mayur, I have used openssl program named verify like this: openssl verify -CApath /path/to/symbolic/links/folder -CAfile /path/to/PEM/encoded.file certificate.cer this command verifies the certificate stored in certificate.cer against the certificates found in /path/to/symbolic/links/folder a