Thanks all for detailed reply,
demos/x509/mkcert.c approach:
I understood that I dont need to create Certificate signing request (CSR)
and I can directly create
X509 *My_cert ,
and sign it with my CA certificate/key.
demos/x509/mkreq.c approach:
Still i dont understand that,
On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder wrote:
> On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers wrote:
>> On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder wrote:
...
>> Thanks. Let me know when I can take a look at yor script. I'd also like to
>> hear about how you harden your servers.
>
> Roger-
Hi folks,
I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and
libssl.so) into my product's build, but still get a "fingerprint does not
match"
error when I call FIPS_mode_set(1). This is using a validated copy of FIPS 2.0
source and OpenSSL 1.0.1c.
The full error is:
25
Thanks Dave for rectifying my reply.
Indeed, I was not precise in my reply.
On Thu, Jul 26, 2012 at 12:06 AM, Dave Thompson wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
> >Sent: Wednesday, 25 July, 2012 08:45
>
> >You will always have to create a certificate request
>From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
>Sent: Wednesday, 25 July, 2012 08:45
>You will always have to create a certificate request using your private
key.
True if you're using an external CA, but not if you're doing it yourself.
openssl commandline supports both options
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers wrote:
...
> On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder wrote:
...
>> I will provide the user passwords for the client certs. to my
>> intermediate helpers via the USPO and the individual client
>> certificates via e-mail. The users have to get their
On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder wrote:
> On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers wrote:
> > Hi All
>
> Hi, Ted. I, too, have been looking for something like you have. I am
> in the process of creating a Perl program that may be able to help you
> (for at least part of your req
On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers wrote:
> Hi All
Hi, Ted. I, too, have been looking for something like you have. I am
in the process of creating a Perl program that may be able to help you
(for at least part of your requirements), but I first can point you to
one of the most current
Hi All
I just subscribed to this list.
I have some familiarity with openssl having used it to generate self
signed keys for testing secured web applications (on Apache 2.2),
prior to deployment, at which time my colleagues would buy a server
certificate from one of the usual CAs, such as GoDaddy.
Hi,
thanks for your responses. It seems this may actually be a heap
corruption after all, as the following function causes the crash:
`heap_first(&hentry,hlist.th32ProcessID,hlist.th32HeapID)` on line 521
with version 1.0.1
I will investigate this further tomorrow and hopefully come up with
Thanks Jakob! I received the suggestion of using the CAPI engine from this
list when I initially laid out my problem earlier in the year; unfortunately I
couldn't find any documentation on how to use it let alone tailor its
functionality to my requirements (e.g. selecting certificates based on
Thanks very much for your clearly laid out and informative note; most of this
matches my intuitive understanding of the differences but having it elucidated
backed with experience is invaluable, thanks again ... N
---
Nou Dadoun
ndad...@teradici.com
604-628-1215
-Original Message-
Fro
Replying to the DSA inquiry yesterday Nou Dadoun
First thing is RSA certificate has RSA keys and DSA certificate has
Diffie-Hellman (DH) keys. In SSL, Diffie-Hellman is done for key exchange to
create in each end a common shared secret. Thereafter, the channel is secure
using the secret not the
>On Wed 25/07/12 2:16 PM , Jakob Bohm jb-open...@wisemo.com sent:
>On 7/25/2012 3:01 PM, Florian Rüchel wrote:
>> Hi,
>>
>> I have a tool which calls RAND_bytes() for a length of 16 bytes while
>> using the CAPI engine and having set it to be used for all purposes.
>> If I run it in my Visual Stu
I am using the following command inside a Perl program:
$ /opt/openssl/bin/openssl req -passout stdin < /tmp/6I0ZLcltuD \
-config CA-default.org/ca-ssl.conf -out CA-default.org/certs/cacert.pem \
-outform PEM -newkey rsa -x509 -batch -verbose
and get the following response, quote:
Using con
On 7/25/2012 3:01 PM, Florian Rüchel wrote:
Hi,
I have a tool which calls RAND_bytes() for a length of 16 bytes while
using the CAPI engine and having set it to be used for all purposes.
If I run it in my Visual Studio Debugger in executes perfectly, but if
run from within a command shell, it
Hi,
I have a tool which calls RAND_bytes() for a length of 16 bytes while
using the CAPI engine and having set it to be used for all purposes. If
I run it in my Visual Studio Debugger in executes perfectly, but if run
from within a command shell, it hangs on this statement (I localized it
wit
Hi,
You will always have to create a certificate request using your private key.
This certificate request is used to sign and create respective certificate.
Hope this helps.
On Wed, Jul 25, 2012 at 2:14 PM, Saurabh Pandya
wrote:
> --> I have created my self signed CA (cert.pem) using following
1) I do not have the source from the CD yet, that is on the way.
2) I've looked, and I do not see a listing of FIPS qualified platforms. I
am compiling with the following specs:
--gcc version 4.4.3
--cross compile mips-openwrt-linux-uclibc
--arch mips32r2
--tune 24kc
--Hardwa
--> I have created my self signed CA (cert.pem) using following openssl commands
1) openssl req -config /etc/openssl.cnf -new -x509 -keyout private.key
-out cert.pem -days 8000 -passin pass:"abcd" -passout pass:"abcd"
2) openssl ca -updatedb -config /etc/openssl.cnf -keyfile private.key
-key "abc
In 0.9.8f, pkcs7_output_data just copies the input data to the output
bio without examining it if the PKCS7_STREAM flag is not set:
if (!(flags & PKCS7_STREAM))
{
SMIME_crlf_copy(data, out, flags);
return 1;
}
/* Partial sign operation */
/* Initialize
I would ask two questions:
1) Are you using the distributed source from the CD?
2) Is that particular MIPS platform one of the platforms for which the FIPS
qualifications applies?
If 1), you need to do this (not that it will necessarily solve your problem :)
If not 2), then you'll need to get
On Wed, Jul 25, 2012, Puneet Khunteta wrote:
> Hello,
>
> I am an user of openssl library.
> I am seeking for a method to get the "Extended Key Usage" field from the
> X509 certificate .
> I will be grateful if you can provide me a sample code in c.
>
You can retrieve a structure representing a
On 24-07-2012 19:31, Nou Dadoun wrote:
Hey folks,
I recently added a facility to our code base to retrieve a certificate and
private key from a windows certificate store (using the windows crypto api) and
converted it to a form usable by openssl. The certificate part was easy, the
key a littl
Thank you All
Samples were very useful.
I could create certificates request using RSA keys.
But how to create request usign using GOST keys?
Best Regards
Vladislav
Hi,
You will have to go through Openssl source code.
Have a look at following files:
1. x509_v3.c (around line 74), You will find the following method:
int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid,
int lastpos)
{
ASN1_OBJECT *obj;
obj=OBJ_nid2obj(nid);
if (obj == NU
26 matches
Mail list logo
