OpenSSL Kerberos support

2013-03-11 Thread Ata Bohra
Hi, I'm working with openwsman to manage Windows server. OpenWSMAN uses OpenSSL (on Linux based platforms) to authenticate the server; now Windows does not support digest and as per my understanding OpenSSL does not support Kerberos/GSSAPI. Please correct me if my understanding is wrong. In case i

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Walter H.
Do you think OpenSSL is a game? On 11.03.2013 22:02, kap...@mizera.cz wrote: Thank you, but this thread is about TS from real Certification Authority and problem with attribute certificates. --kapetr On 11.3.2013 21:16, Walter H. wrote: Hello, try this for generating the TSA-reply o

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Just note. I accidentally deleted: http://2i.cz/dcc5b69c4f Here is new copy: http://2i.cz/0f81f2d80b __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-us

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
That is what we talk about here. Try to check previous posts in this thread. --kapetr On 11.3.2013 22:51, Peter Sylvester wrote: On 03/11/2013 10:31 PM, kap...@mizera.cz wrote: On 11.3.2013 21:42, Peter Sylvester wrote: the second ess certid says SEQUENCE {

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester
On 03/11/2013 10:31 PM, kap...@mizera.cz wrote: On 11.3.2013 21:42, Peter Sylvester wrote: the second ess certid says SEQUENCE { OCTET STRING 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78 EB 6C D7 AC

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
On 11.3.2013 21:42, Peter Sylvester wrote: the second ess certid says SEQUENCE { OCTET STRING 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78 EB 6C D7 AC } by 3721926ea67e877df5f4e35dd3c87397eef3

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Thank you, but this thread is about TS from real Certification Authority and problem with attribute certificates. --kapetr On 11.3.2013 21:16, Walter H. wrote: Hello, try this for generating the TSA-reply openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile TSA-quer

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester
On 03/11/2013 08:01 PM, kap...@mizera.cz wrote: Of course YES. Timestamp reply is nothing else as CMS SignedData structure. not quite but ts -reply -tokenout converts it to such a thing

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester
the second ess certid says SEQUENCE { OCTET STRING 52 EE 29 A7 35 03 04 F8 94 21 48 72 76 9F 24 78 EB 6C D7 AC } by 3721926ea67e877df5f4e35dd3c87397eef33d4f is the hash of the der version of the intermediate

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Walter H.
Hello, try this for generating the TSA-reply openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile TSA-query -inkey ts.key -signer ts.crt -out TSA-reply where ts.crt and ts.key are the timestamping certificate and private key (without passphrase) and TSA-query is the time

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Of course YES. Timestamp reply is nothing else as CMS SignedData structure. --kapetr On 11.3.2013 19:51, Dr. Stephen Henson wrote: On Mon, Mar 11, 2013, kap...@mizera.cz wrote: Hello, On 11.3.2013 17:33, Dr. Stephen Henson wrote: As to the OP query. I'm not that familiar with the

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Dr. Stephen Henson
On Mon, Mar 11, 2013, kap...@mizera.cz wrote: > Hello, > > On 11.3.2013 17:33, Dr. Stephen Henson wrote: > >As to the OP query. I'm not that familiar with the timestamping code. OpenSSL > >doesn't support attribute certificates and adding support is not trivial. > > The attribute certificat

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Could you please explain it in detail ? Commands sentence as example ? INPUT: - timestamp reply - certificates (whole chain) COMMANDS: OUTPUT: successful verification Thanks --kapetr On 11.3.2013 19:39, Peter Sylvester wrote: On 03/11/2013 06:43 PM, kap...@mizera.cz wrote: Hello

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Peter Sylvester
On 03/11/2013 06:43 PM, kap...@mizera.cz wrote: Hello, ... As I know, the attr. certs are not very necessary => that is why I mean, that temporary solution would be to ignore them in verification process. At least in TS it would solve the problem. Just for info: converting the stuff to pk

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Hello, On 11.3.2013 17:33, Dr. Stephen Henson wrote: As to the OP query. I'm not that familiar with the timestamping code. OpenSSL doesn't support attribute certificates and adding support is not trivial. The attribute certificates are common possible in CMS, not just in TS => attr. cert

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Dr. Stephen Henson
On Mon, Mar 11, 2013, Richard Könning wrote: > On 11.03.2013 13:01, kap...@mizera.cz wrote: > > > >P.S: is this forum monitored by developers of openssl or should I report > >it in devel forum? > > At least Stephen Henson answers regularly in this mailing list (as > you can see by looking into

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Richard Könning
On 11.03.2013 13:01, kap...@mizera.cz wrote: P.S: is this forum monitored by developers of openssl or should I report it in devel forum? At least Stephen Henson answers regularly in this mailing list (as you can see by looking into a couple of threads), therefore I would stay in this list

Need help on importing the signed certificate

2013-03-11 Thread selvasubramanian
Hi All, We are using Solaris box installed IBM http service. We created CSR request and submitted to CA authority and got signed certificate also. But we are not sure how to import the signed certificates into the key DB. Previously we were using ikeyman, as it was not able to generate the keysize

FIPS mode of OpenSSL .NET shared library on fixed position

2013-03-11 Thread Pospíšil, Tomas
Hello openssl users, We are planning to use OpenSSL library because of FIPS 140-2 support and AES encryption/decryption in CFB128 mode. One of the requirement for FIPS mode is self check which is performing calculation of hash on particular memory address on which must be libeay32.dll loaded

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread kapetr
Hello, after long time and many communication with the Certification Authority, they send me final conclusion: The problem with verification of their timestamps in openssl is caused by improper/none handling of ATTRIBUTE CERTIFICATEs in openssl. Other apps, e.g. Adobe, have no problem with