Re: Cloning a CSR or Cert. for a new CSR with a new key?

A CSR is self-signed to provide what's called "proof of possession" -- that is, proof that the requester possesses the private key to the claimed public key. It doesn't act as a CA in that case, because the CSR is not an actual Certificate structure. -Kyle H On Thu, Jan 30, 2020, 18:26 Douglas M

RE: SSL_connect fails on systemd socket

Hi Matt, I got it working through systemd. My server program needed some modifications to properly respond to SSL_connect. Thanks for your assistance. Regards, Hari. -Original Message- From: Matt Caswell [mailto:m...@openssl.org] Sent: Wednesday, January 29, 2020 11:14 PM To: Tiwari,

Re: Cloning a CSR or Cert. for a new CSR with a new key?

Thanks, Dw. Interesting. I think I misunderstood this explanation about the -signkey option: "This option causes the input file to be self signed using the supplied private key." Your input has me thinking that a certificate signing request is in fact self-signed like a self-signed certificate

Re: Cloning a CSR or Cert. for a new CSR with a new key?

> On 30 Jan 2020, at 21:38, Douglas Morris via openssl-users > wrote: > > I am trying to implement automated domain certificate renewal. A certificate > signing request is sent to an ACME server and on success a certificate is > returned. I'd like to be able to call OpenSSL to make a new key

Cloning a CSR or Cert. for a new CSR with a new key?

I am trying to implement automated domain certificate renewal. A certificate signing request is sent to an ACME server and on success a certificate is returned. I'd like to be able to call OpenSSL to make a new key and then make a new certificate signing request just like the old one except for

And that's how text-ish PEM files are.

Victor, Thanks for that walk-through explanation. I probably get it even. I should have followed the reference for the definition of eol in Section 3 of RFC 7468. It was only one more human stack call. I appreciate the clarification on the valid text encoding of explanatory text and of the heade

Re: TLS 1.3 limiting SignatureScheme

Hello, -sigalgs does the trick. On Thu, Jan 30, 2020 at 3:28 PM Dmitry Belyavsky wrote: > Hello, > > How can I limit SignatureScheme ( > https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme) > announced by client when using TLS 1.3? > > I'm interested in a s

TLS 1.3 limiting SignatureScheme

Hello, How can I limit SignatureScheme ( https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme) announced by client when using TLS 1.3? I'm interested in a solution either for 1.1.1 (preferred) or 3. Many thanks! -- SY, Dmitry Belyavsky