I am sure at least some would sign it because RFC 5280 PKIX standard was
written by the CAs themselves and they are the ones deprecating CN in favor of
SAN.
--
Sent from my mobile device.
Viktor Dukhovni wrote:
>On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote:
>
>> You'll natu
On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote:
> You'll naturally need to add the requisite subjectAltName extensions.
A more complete example:
$ cat openssl.cnf
[ req ]
distinguished_name = dn
req_extensions = san
[ dn ]
[ san ]
subjectAltName
On Wed, Feb 13, 2013 at 07:46:10PM -0800, Matthew Hall wrote:
> Hello,
>
> I tried to figure out how to create a certification request which has an
> empty
> CN and only uses SANs, in line with the recommendations of the latest PKIX
> RFC
> 5280.
>
> I tried various permutations of commentin
Hello,
I tried to figure out how to create a certification request which has an empty
CN and only uses SANs, in line with the recommendations of the latest PKIX RFC
5280.
I tried various permutations of commenting out distinguished_name, adding a CA
section referencing a policy with commonName
I did further debugging and I found out that "-d" switch is causing the failure.
./config fips -d
ake depend
make
make test
This will cause the ecdsatest to fail.
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Santhosh Kokala
Sent: Wednesday, Februar
Hi,
Building the FIPS module on sparc 64-bit is generating a 32-bit
binary. The following message is in the output:
WARNING! If you wish to build 64-bit library, then you have to
invoke './Configure solaris64-sparcv9-cc' *manually*.
My understanding is that building with that c
Hi,
I am compiling FIPS capable Openssl using FIPS object module openssl-fips-2.0.2
and openssl -1.0.1c. After building FIPS object module and Openssl, when I run
"make test" inside openssl directory ecdsatest fails. Can someone please let
me know how to fix this issue?
My configure command
Thanks it worked.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Wednesday, February 13, 2013 2:53 PM
To: openssl-users@openssl.org
Subject: Re: config --with-fipslibdir set
On Wed, Feb 13, 2013, San
On Wed, Feb 13, 2013, Santhosh Kokala wrote:
> Hi,
>
> I am trying to compile FIPS capable openssl and I am using --with-fipslibdir
> switch which points to fipscanister.o. When I do this I see compilation errors
>
> ./config fips
> --with-fipslibdir=/home/test_user/fips/usr/local/ssl/fips-2.0
Hi,
I am trying to compile FIPS capable openssl and I am using --with-fipslibdir
switch which points to fipscanister.o. When I do this I see compilation errors
Compiling FIPS Object Module:
./config --install_prefix=/home/test_user/fips
make
make install
Compiling Openssl
./config f
Hi Erwann,
> -Original Message-
> From: Erwann Abalea
>
> "oid_section = new_oids" must be in the top level, not in [ca], [myca],
> or whatever. Just move that declaration to the top.
Thank you. This works like a charm.
Patrick Eisenacher
"oid_section = new_oids" must be in the top level, not in [ca], [myca],
or whatever. Just move that declaration to the top.
ICAO has only defined document types 'P' and 'ID', hasn't it?
--
Erwann ABALEA
Le 13/02/2013 16:46, Eisenacher, Patrick a écrit :
I'm troubled by what seems to be a weir
I'm troubled by what seems to be a weird problem with private oid definitions
in ca.conf.
Issuing a certificate works perfectly with the attached ca.conf file, as long
as I specify the private extension via its OID in the [ my_ext ] section. When
I replace the OID line with the commented out li
I read somewhere that subject commonName is now deprecated in favor of
subjectAltName.
Are there certs out there "in the wild" with no subject CN, only SAN?
-FG
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
14 matches
Mail list logo
