Need some basic level example that will demonstrate how to load keys and
certificates from a smart-card or any other PKCS #11 token. I want to write
and read encryption key from smart card.
If any one has used smart cards with there applications kindly share some
beginners level how-to-tutorials/
> From: owner-openssl-us...@openssl.org On Behalf Of Edward Ned Harvey
(openssl)
> Sent: Thursday, April 24, 2014 16:15
> > > openssl pkcs12 -export -out mypkcs12.pfx -inkey my.private.key -in
> > mycert.crt -certfile intermediate.crt -CAfile ca.crt
> > > (Correct?)
>
> So ... I just tried t
Mea Culpa. I had a bad 1.0.1g gzip file. Having found the right gzip file,
both MD5 and SHA1 match now.
For those who answered off-list, thanks very much.
+-+-+-+-+-+-+-+-+-
Dave McLellan, VMAX Software Engineering, EMC Corporation, 176 South St.
Mail Stop 176-V1 1/P-36, Hopkinton, MA 01749
Hi,
I am very new to Openssl. My aim is to compile openssl for WINCE 6.0 OS.
After spending lot of time on google , i found procedure to build openssl
for WINCE 6.0. But my attempt to build the wcecompat WINCE runtime libraries
is unsuccessful. Below is my environment
Host Platform : WINDOWS 7
Vi
I searched the archives (having recalled something about this over the last
three weeks) but found no specific answer.
After download of the .gz file for OpenSSL 1.0.g and the MD5 and SHA1 files, I
have found that the actual MD5 over the .gz doesn't match the downloaded
checksum, nor does the S
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Salz, Rich
> Sent: Monday, 28 April, 2014 09:37
>
> If you are comfortable with the key existing (online?) in multiple places,
> make the serial number be a UUID treated as a BIGNUM.
Yes, that's a muc
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of summer
> Sent: Friday, 25 April, 2014 17:19
>
> Furthur investigation shows the slowness is happening at _ssl.c line 306,
>
> self->ctx = SSL_CTX_new(SSLv23_method()); /* Set up context */
>
> Is thi
If you are comfortable with the key existing (online?) in multiple places, make
the serial number be a UUID treated as a BIGNUM.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Mat Arge
> Sent: Monday, 28 April, 2014 04:54
>
> I agree with Walter, that it is not exactly good practise to have a CA key
> lying around on multiple servers. But anyway, if you need to do it you hav
On Apr 28, 2014, at 1:53 AM, Mat Arge wrote:
> You'd still have incrementally growing serial numbers
> (which is actually bad by itself) but from distinct ranges.
...or perhaps random within the range.
smime.p7s
Description: S/MIME cryptographic signature
I agree with Walter, that it is not exactly good practise to have a CA key
lying around on multiple servers. But anyway, if you need to do it you have to
create the random serial number externally by some script and write it into
the serial file (as set in the openssl configuration file used) pr
11 matches
Mail list logo
