Sorry for the delay, I misplaced this temporarily.
> From: owner-openssl-us...@openssl.org On Behalf Of Odomae Bro
> Sent: Thursday, 08 December, 2011 12:02
>I am now working with 1.0.0.e and am able to get the
> anonymous DH going. There is only one small problem.
Hi Dave,
Thanks a lot for your response. I will try this out.
Thanks
Anamitra
On 12/13/11 9:46 PM, "Dave Thompson" wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Anamitra Dutta
>>Majumdar
>> Sent: Tuesday, 13 December, 2011 14:37
>
>> >I am looking for OpenSSL api to parse pkcs7
Yes, and Thank You both for doing so!
While we're at it, I am reminded of another one we've found - not terribly
important, but worth a look:
In using this option: '-enddate 140615235959Z' when signing a CSR, the cert is
created correctly, expiring in 2014. However, the user prompt indicates
2011/12/16 Yang Chun-Kai :
> 1. If I use "openssl genrsa -out my_private_key.key 2048" this command then
> I will get the encrypted private key or not encrypted key ?
>
> because I want to use python ssl module and heard python ssl lib not support
> encrypted private key for sockets.
Pyhon's SSL mo
Le 16/12/2011 19:07, Jakob Bohm a écrit :
On 12/16/2011 6:47 PM, Erwann Abalea wrote:
Le 16/12/2011 16:29, Jakob Bohm a écrit :
On 12/16/2011 3:22 PM, Erwann Abalea wrote:
NameConstraints is a set of constraints imposed on the semantic
value of the name elements, not on their encoding (string
Le 16/12/2011 18:45, Mick a écrit :
[...]
Indeed, the message was rather esoteric and it did not offer a way out - e.g.
it could have advised to change "match" to "supplied" in openssl.cnf, or to
ensure that the encoding between the CSR and ca is the same.
I think what confused me is that by upl
On 12/16/2011 6:47 PM, Erwann Abalea wrote:
Le 16/12/2011 16:29, Jakob Bohm a écrit :
On 12/16/2011 3:22 PM, Erwann Abalea wrote:
Le 16/12/2011 15:07, Jakob Bohm a écrit :
I think we may have a bug here, anyone from the core team
wish to comment on this.
The apparent bug:
When enforcing the
Le 16/12/2011 18:27, Jakob Bohm a écrit :
On 12/16/2011 6:14 PM, Erwann Abalea wrote:
Le 16/12/2011 17:57, Mick a écrit :
On Friday 16 Dec 2011 16:23:52 you wrote:
man req
Then look for the "-utf8" argument.
I took your example below, added "-utf8" argument, and it worked.
You can display the
OK, Jakob - will try this. Tks for the feedback. (Seems we'd tried the 'utf8'
option inline already, but will try again). and my 'read' of the -nameopt
multiline config was that utf8 would be included, in absence of its specific
de-activation, such as with the -utf8 command.
Lou Picciano
---
Le 16/12/2011 16:29, Jakob Bohm a écrit :
On 12/16/2011 3:22 PM, Erwann Abalea wrote:
Le 16/12/2011 15:07, Jakob Bohm a écrit :
I think we may have a bug here, anyone from the core team
wish to comment on this.
The apparent bug:
When enforcing the "match" policy for a DN part, openssl reports
On Friday 16 Dec 2011 17:27:42 you wrote:
> On 12/16/2011 6:14 PM, Erwann Abalea wrote:
> > Le 16/12/2011 17:57, Mick a écrit :
> >> On Friday 16 Dec 2011 16:23:52 you wrote:
> >>> man req
> >>> Then look for the "-utf8" argument.
> >>>
> >>> I took your example below, added "-utf8" argument, and
On 12/16/2011 6:14 PM, Erwann Abalea wrote:
Le 16/12/2011 17:57, Mick a écrit :
On Friday 16 Dec 2011 16:23:52 you wrote:
man req
Then look for the "-utf8" argument.
I took your example below, added "-utf8" argument, and it worked.
You can display the content with "openssl req -text -noout -in
Le 16/12/2011 17:57, Mick a écrit :
On Friday 16 Dec 2011 16:23:52 you wrote:
man req
Then look for the "-utf8" argument.
I took your example below, added "-utf8" argument, and it worked.
You can display the content with "openssl req -text -noout -in
blabla.pem -nameopt multiline,utf8,-esc_msb"
On Friday 16 Dec 2011 16:23:52 you wrote:
> man req
> Then look for the "-utf8" argument.
>
> I took your example below, added "-utf8" argument, and it worked.
> You can display the content with "openssl req -text -noout -in
> blabla.pem -nameopt multiline,utf8,-esc_msb"
Would using -utf8 resolve
man req
Then look for the "-utf8" argument.
I took your example below, added "-utf8" argument, and it worked.
You can display the content with "openssl req -text -noout -in
blabla.pem -nameopt multiline,utf8,-esc_msb"
Le 16/12/2011 16:33, Lou Picciano a écrit :
openssl req -new -sha1 -nodes
Jakob, All,
Glad this is coming up again, as we are having similar problems. Like you, have
string_mask = utf8only in config, and have never been able to embed UTF8 chars
into certs.
We're using the OS X Terminal Program, which is (purports to be?) UTF8-capable.
We can enter the subject line
On 12/16/2011 3:22 PM, Erwann Abalea wrote:
Le 16/12/2011 15:07, Jakob Bohm a écrit :
I think we may have a bug here, anyone from the core team
wish to comment on this.
The apparent bug:
When enforcing the "match" policy for a DN part, openssl reports an
error if the CSR has used a different s
Le 16/12/2011 15:07, Jakob Bohm a écrit :
I think we may have a bug here, anyone from the core team
wish to comment on this.
The apparent bug:
When enforcing the "match" policy for a DN part, openssl reports an
error if the CSR has used a different string type for the field, but the
correct val
On Friday 16 Dec 2011 12:45:11 you wrote:
> On Fri, Dec 16, 2011, Michael S. Zick wrote:
> > On Fri December 16 2011, _daxh_ wrote:
> > > Hello.
> > >
> > > I have signed certificate stored in cert.pem file. Also I have private
> > > key stored in iPhoneMyBase64PrivateKey.pem. Then I can use the
>
I think we may have a bug here, anyone from the core team
wish to comment on this.
The apparent bug:
When enforcing the "match" policy for a DN part, openssl reports an
error if the CSR has used a different string type for the field, but the
correct value (The naively expected behavior is to rea
On Thu, Dec 15, 2011, harrije wrote:
>
> I have not had any success in my search for a known issue with malformed
> client certificates generated by openssl 1.0.0e for Windows. Before I invest
> too much time trying to debug the issue, I wanted to query whether others
> may have a clue on cause a
Hello guys, good day~
I have some question about generating private keys.
1. If I use "openssl genrsa -out my_private_key.key 2048" this command then I
will get the encrypted private key or not encrypted key ?
because I want to use python ssl module and heard python ssl lib not
support encry
Just to clarify, my references to version 9.8e should read 0.9.8e
--
View this message in context:
http://old.nabble.com/Malformed-Certificate-Created-for-Windows-but-Not-Linux-tp32983415p32983417.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Hi,
I have to run server with SSLv2 only support.
I know that it is old and insecure protocol but I need it.
It works with SSLv3 only, and with SSLv3 and SSLv2:
...
SSLProtocol SSLv3(or -all +SSLv2 +SSLv3)
SSLCipherSuite SSLv3(or ALL)
...
but when I change only SSL version to SSLv2:
...
SS
I have not had any success in my search for a known issue with malformed
client certificates generated by openssl 1.0.0e for Windows. Before I invest
too much time trying to debug the issue, I wanted to query whether others
may have a clue on cause and resolution. See following description...
I d
On Friday 16 Dec 2011 11:31:59 you wrote:
> (Sorry, accidentally hit send, ignore previous mail)
>
> On 12/15/2011 11:01 PM, Mick wrote:
> > Hi All,
> >
> > I've generated a cakey.pem and cacert.pem on my PC. Uploaded the
> > cacert.pem to my router and used its gui to generate a CSR.
> >
> > W
On Fri, Dec 16, 2011, Michael S. Zick wrote:
> On Fri December 16 2011, _daxh_ wrote:
> >
> > Hello.
> >
> > I have signed certificate stored in cert.pem file. Also I have private key
> > stored in iPhoneMyBase64PrivateKey.pem. Then I can use the fillowing openSSL
> > comand:
> >
> > $openssl p
On Fri December 16 2011, _daxh_ wrote:
>
> Hello.
>
> I have signed certificate stored in cert.pem file. Also I have private key
> stored in iPhoneMyBase64PrivateKey.pem. Then I can use the fillowing openSSL
> comand:
>
> $openssl pkcs12 -export -out certificate.pfx -inkey
> iPhoneMyBase64Privat
Hello.
I have signed certificate stored in cert.pem file. Also I have private key
stored in iPhoneMyBase64PrivateKey.pem. Then I can use the fillowing openSSL
comand:
$openssl pkcs12 -export -out certificate.pfx -inkey
iPhoneMyBase64PrivateKey.pem -in cert.pem
to create certificate.pfx, that co
(Sorry, accidentally hit send, ignore previous mail)
On 12/15/2011 11:01 PM, Mick wrote:
Hi All,
I've generated a cakey.pem and cacert.pem on my PC. Uploaded the cacert.pem
to my router and used its gui to generate a CSR.
When I try to sign this CSR file back on my PC I'm getting this error:
On 12/15/2011 11:01 PM, Mick wrote:
Hi All,
I've generated a cakey.pem and cacert.pem on my PC. Uploaded the cacert.pem
to my router and used its gui to generate a CSR.
When I try to sign this CSR file back on my PC I'm getting this error:
=
$ openssl ca -co
On 12/15/2011 2:45 PM, gkout wrote:
Hi Steve,
oneline seems to do the job.
Issuer: C = ES, O = xxx ESPAÑA, CN = xxx ESPAÑA-xx
All that is left now is to feed this into apache using UTF-8 format. Another
challenge :)
Maybe the other command (-nameopt multiline,show_type) suggested
by Dr. He
32 matches
Mail list logo
