Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Erwann Abalea wrote: > You should get better CA scripts, or build your own set after > reading your openssl.cnf file and other associated documentation. > > man req > man x509 > man ca > man x509v3_config > > When I need a junk CA, I personally use "openssl req" to create th

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Answers inline. -- Erwann ABALEA - A forum can serve several needs at once. Here, the group of beginners outnumbers the group of "middle-class" users, which inevitably causes tension. -+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+- Le

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Maybe I got something wrong creating the intermediate CA which is supposed to be the 2nd certificate. This is what I did to create the intermediate CA. Maybe I missed something? Generated Intermediate CA key: openssl genrsa -out ia.key 4096 Generated Intermediate CA Certificate Request: open

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Thanks. The first certificate is your root CA, the second one is a version 1 certificate that can't be used as a CA (it would be insecure to allow it). If your end-user certificate is issued by this second certificate, then the error message is normal. -- Erwann ABALEA - anatomie: ablatio

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I'm assuming this is what you want. This is the contents of my chain file:

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread Michael Sierchio
On Mon, Nov 19, 2012 at 9:24 AM, lists wrote: > By its nature, a hash completely changes if just a bit of the original > content is modified By design, a cryptographic hash function (on average) changes half the output bits when a single bit in the input is inverted.

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread lists
On 10/27/2012 06:30 PM, Michael Zintakis wrote: Maybe a bit daft of me to ask this, but is it possible to calculate a hash on a stream of bytes where the resulting hash is considered to be part of that stream? In other words, let's assume that I have a stream which is, say, 64 bytes long in to

Re: I can't believe how much this sucks

2012-11-19 Thread Richard Könning
On 19.11.2012 15:45, John Zavgren wrote: So, what is a list of easy-to-follow code examples? Here are some suggestions: 1.) read private key and a message from a file: encrypt message with private key, write encrypted buffer to (another) file. 2.) read cert and private key, read file, compute

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Can you post here the certificate chain? Not the private key, only the certificates, from the root down to the end-entity. -- Erwann ABALEA - It's really not done to have given out all the voters' email addresses. That's good for spammers! [followed by the complete list of voters, badly quoted

Re: I can't believe how much this sucks

2012-11-19 Thread Jakob Bohm
On 11/19/2012 5:19 AM, Thomas J. Hruska wrote: On 11/13/2012 11:34 AM, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do y

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Jeffrey Walton
On Mon, Nov 19, 2012 at 10:53 AM, Deeztek.com Support wrote: > I fixed the command and it created the end user .pfx file. It imported > successfully into windows but I get this message when I looked at the > certification chain for the intermediate ca: > > This certification authority is not allow

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I fixed the command and it created the end user .pfx file. It imported successfully into windows but I get this message when I looked at the certification chain for the intermediate ca: This certification authority is not allowed to issue certificates or cannot be used as an end-entity certifi

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Never mind the last message, you said *concatenate* the CA > certificate together. So, this is what I did: > > Root cert: > cat ca.crt > cachain.pem > > Int-ca cert: > > cat int-ca.crt >> cachain.pem > > Ran the following but it didn't work: >

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I meant, I run the command, I get no error, no pfx file is created and I simply get the openssl help command: Usage: pkcs12 [options] where options are -export output PKCS12 file -chainadd certificate chain -inkey file private key if not infile What do you mean "didn't work"?

Re: I can't believe how much this sucks

2012-11-19 Thread Ted Byers
On Mon, Nov 19, 2012 at 9:45 AM, John Zavgren wrote: > Thomas: > You make very good suggestions. Of them all (aside from the use of tact in > approaching the developers :-) ), I think that easy-to-follow code examples > would improve the openSSL experience more than anything else you identify. >

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Never mind the last message, you said *concatenate* the CA > certificate together. So, this is what I did: > > Root cert: > cat ca.crt > cachain.pem > > Int-ca cert: > > cat int-ca.crt >> cachain.pem > > Ran the following but it didn't work: >

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Never mind the last message, you said *concatenate* the CA certificate together. So, this is what I did: Root cert: cat ca.crt > cachain.pem Int-ca cert: cat int-ca.crt >> cachain.pem Ran the following but it didn't work: openssl pkcs12 -export -out someone.pfx -inkey someone.key -in someone

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > Sorry, I'm not sure what you mean by concentrate the CA certificate > together. > Join the root and intermediate CAs together in one file e.g. like this under Linux: cat intermediateca.pem root.pem >cacerts.pem Then pass "-certfile cacerts.pem

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Sorry, I'm not sure what you mean by concentrate the CA certificate together. On 11/19/2012 10:02 AM, Dr. Stephen Henson wrote: On Mon, Nov 19, 2012, Deeztek.com Support wrote: I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: > > I have created a CA and an intermediate CA. I use the intermediate > CA to create self-signed s/mime certificates for end users which > works fine. I need to be able to create .pfx files from those end > user certificates and include the CA cha

RE: I can't believe how much this sucks

2012-11-19 Thread Charles Mills
It tends to be a shortcoming of many, many types of software documentation that it is feature-oriented rather than task-oriented. That is, it does a good job of saying "this switch does this, that parm specifies that" and a poor job of answering the question "I want to accomplish X. What the heck do

Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for end users which works fine. I need to be able to create .pfx files from those end user certificates and include the CA chain into the pfx file. Currently the command I use to ex

Re: I can't believe how much this sucks

2012-11-19 Thread John Zavgren
Thomas: You make very good suggestions. Of them all (aside from the use of tact in approaching the developers :-) ), I think that easy-to-follow code examples would improve the openSSL experience more than anything else you identify. These examples could even provide a natural context for the "cook