Re: verify without issuer-certificate?

2011-04-19 Thread Bernhard Froehlich
On 19.04.2011 09:19, ch wrote: hi! Can I verify a message or just a certificate WITHOUT having all the issuer certificates (up to the RootCA) in my store?? Is there an option in the commandline tools? I was not able to find one in the man-pages. You can verify a message without checking th

Re: Windows Certificate Store Private Key

2010-06-24 Thread Bernhard Froehlich
aerow...@gmail.com wrote: Run mmc.exe (Microsoft Management Console), add the "Certificates" snap-in, and then export the certificate and private key to a PKCS#12 file. Then use openssl pkcs12 to parse it. Note that this works only if the private key is marked as exportable. Ted ;) -Kyle

Re: Using random number file

2009-07-03 Thread Bernhard Froehlich
Akos Vandra wrote: Hello! I have a source of (more or less) true random numbers, which I get as binary files (1MB each). I want openssl to use these files as a random number source to generate keys and signing operations. How can this be done? Regards, Vandra Ákos Try using the RANDFILE

Re: openssl 0.9.4

2009-01-19 Thread Bernhard Froehlich
Leo, Liangyou Wang (liangwan) wrote: Hi All, Could you give me quick reply that whether openssl 0.9.4 could support multi-threads application? Thanks and regards, Leo Hi Leo, see http://www.openssl.org/support/faq.html#PROG1 Hope it helps Ted ;)

Re: Wildcard certs vs. base name

2008-11-13 Thread Bernhard Froehlich
John Nagle wrote: Question: Is a certificate for "*.example.com" considered valid for "example.com"? OpenSSL seems to say no, but Firefox 2 says yes. Try "https://stanford.edu" for a test. IIRC OpenSSL does not accept wildcards at all in s_client. The library itself does not make any decis

Re: How to convert .der file to .pem

2008-10-08 Thread Bernhard Froehlich
joshi chandran wrote: Is there any way to convert .PEM to pkcs12 Have a look at http://www.openssl.org/docs/apps/pkcs12.html PKCS#12 is a "bag" for multiple things, usually a private key plus one or more certificates. Please help me Thanks Joshi Hope it helps Ted

Re: convert .cer format to .pem format in command line, Need help...

2008-09-22 Thread Bernhard Froehlich
buddhika wrote: Hi, I want to convert *.cer* format to *.pem* format with the private key. I tried it by using following command. *openssl x509 -inform der -in certificate.cer -out certificate.pem *But the *certificate.pem* file doesn't contain the private key. To do this task, I want to use

Re: DH Prime Question

2008-04-13 Thread Bernhard Froehlich
Julian wrote: Hi, I am working on an application that is both a client and a server. The DH prime is stored in the binary for the server. Since the Server will exist inside the Client is there a considerable risk of embedding the DH p into the code? The alternative is to have the Server gen

Re: CAFile

2008-03-27 Thread Bernhard Froehlich
[EMAIL PROTECTED] wrote: Hello everybody For some hours now I try to find out how to create CAfile (a file with multiple CAs inside, the one file counterpart of -CApath). I need such a file for HTTPS Client authentication together with the yaws webserver. In the yaws user guide they write t

Re: Howto asume yes by default when generate a certificate..

2008-02-20 Thread Bernhard Froehlich
Francisco Javier wrote: Hello, I am trying to generate a certificate using an external application, but I need to automatically answer YES to the question Sign the certificate? [y/n]: exec("openssl ca -out certificados_usuarios/ALL/ALL_cert.pem -passin pass:mipass -days 365 -infiles c

Re: Problem with creating p12 file with chain

2008-02-06 Thread Bernhard Froehlich
Reinhardt, Karen - Contractor wrote: Hi All, I am attempting to create a p12 file which will include both intermediate and root CA certificates in addition to the key and server certificate. I keep getting "Error unable to get local issuer certificate getting chain". I have checked the s

Re: OCSP sample

2008-01-30 Thread Bernhard Froehlich
Wockenfuß wrote: Hi all, I'm looking for some code examples to realise an X.509 certificate verification over OCSP with C++. Is there something to find in the Open SSL package? Or are there other places where I can find something? I would expect such code in the apps/ocsp.c file of the Op

Re: Index.txt size limit

2008-01-24 Thread Bernhard Froehlich
Gregory Malsack wrote: Hello Everyone, I have an index.txt file that has 40 lines in it. When I try to add more items to the data base I get the error: error creating name index:(2,5,38) If I tail the index.txt file down to only a few lines, run the openssl ca command again all

Re: [Question] Root CA + Internet Explorer Certificate Manager

2008-01-04 Thread Bernhard Froehlich
Christian Stock wrote: Hello, I have the following problem: I want to create a server key for a web-Service-Server (Soap-Server). To access this web service I use the Internet Explorer API (WinInet). This certificate should be built from a Self-Signed-Root-Certificate which I've also create

Re: Expired certificates out from revocation list

2007-12-17 Thread Bernhard Froehlich
unski wrote: How can I get rid of the expired certificates in the revocation list? When I do openssl ca -gencrl -out revocationlist.crl -config myconfig.cfg the revoked certificates that are also expired are added into the list. It is no use to store them there because the revocation list grows

Re: OpenSSL Verify Issues

2007-12-10 Thread Bernhard Froehlich
Victor Duchovni wrote: On Sun, Dec 09, 2007 at 05:41:16PM -0500, Anthony Grossi wrote: I am having trouble with verifying client certificates. I obtained a signed server cert from CACert.org. I have been trying to use that cert to issue client certs. The following verification error app

Re: Problems with Website's Security Certificate

2007-11-27 Thread Bernhard Froehlich
ProgrammerMP wrote: Configuration: -Apache 2.0.61 -OpenSSL 0.9.8g -Windows Platform Setup: I have installed Apache and OpenSSL on my PC. Everything works. I create a certificate and key using my ip address for Server Name: 10.X.X.X I changed my Apache Configuration to use to listen to por

Re: Openssl encode type...?

2007-11-13 Thread Bernhard Froehlich
Lidia Fernández wrote: Hello all! Thank Julius Davies, the library that you say me is very good. But now i have another problem... When i encrypt in Java, it made a file in UTF-8 format, and this don't understand by "openssl enc" Do you know how i can change the "openssl enc -des3..." enco

Re: ca client - failed to update database, TXT_DB error number 2

2007-11-07 Thread Bernhard Froehlich
Frank Garber wrote: The unique_subject only occurs once in the file. I moved the statement: unique_subject = no to the [ ca] section. Same error :-( I still see the following in the output: DEBUG[load_index]: unique_subject = "yes" *** [...] OK, I think I finally got it. You a

Re: ca client - failed to update database, TXT_DB error number 2

2007-11-06 Thread Bernhard Froehlich
Frank Garber wrote: Hi Ted, Thanks for the help, but... Here's the line I added to the openssl.conf file: [ CA_default ] unique_subject = no Here's the error message. Note the output about the unique subject? Step 2:

Re: ca client - failed to update database, TXT_DB error number 2

2007-11-05 Thread Bernhard Froehlich
Frank Garber wrote: Hi Jorge, I got considerably farther and generated the server key, but am now having a problem with the client key. I'm getting this error: failed to update database TXT_DB error number 2 Any thoughts? This error is defined as DB_ERROR_INDEX_CLASH in txt_db.h. You are

Re: OpenSSL How to redistribute as part of our application

2007-10-29 Thread Bernhard Froehlich
Dave Bound wrote: Hi Can anyone tell me how to deploy the necessary OpenSSL files as part of a Win32 application? The app is deployed using a Windows Installer EXE. I’m not particularly familiar with how this works, but it has been suggested that an OpenSSL merge module might be what I’m

Re: how to verify that connection to s_server is successful?

2007-10-02 Thread Bernhard Froehlich
Deep Chand wrote: Thanks Ted for a quick reply. I can receive data as you suggested. I use this option on s_server. I guess it should do mutual authentication. Correct? s_server -cert "D:/ssl/src/Keys/usingUIforopenssl/servernewpublic.pem" -key "D:/ssl/src/Keys/usingUIforopenssl/servernewpriva

Re: how to verify that connection to s_server is successful?

2007-10-02 Thread Bernhard Froehlich
Deep Chand wrote: Hi, I have written a test client in java and using openssl s_server to verify the connection, mutual authentication. I used keytool to generate self-signed certificates (JKS ) and then used keytool UI (freeware) to generate the certs in PKCS#12/PEM format for openssl. I use

Re: Unsigned CRL

2007-09-27 Thread Bernhard Froehlich
BSC wrote: Hello I need to generate unsigned (not signed by any certificate) CRL How can I do this? Maybe it is possible to crack signed CRL and erase a signature? Please help Regards, BSC I cannot imagine any use for an unsigned CRL, since everyone could forge such a CRL. So I doubt it

Re: LDAP instead of /etc/ssl/certs ?

2007-07-21 Thread Bernhard Froehlich
Mark H. Wood wrote: [...] (think what would happen if you were to look up these certificates somewhere other than locally, and someone were to spoof the DNS entry... since you are looking up these certificates to make a trust decision, it would be possible for an attacker to

Re: LDAP instead of /etc/ssl/certs ?

2007-07-20 Thread Bernhard Froehlich
Hadmut Danisch wrote: Hi, is there a way to retrieve certificates from LDAP instead from /etc/ssl/certs ? Didn't find anything in FAQs and man pages... regards Hadmut AFAIK LDAP is not used in OpenSSL tools or library functions. Of course it would be possible (though probably a good bit o

Re: wildcard certificate for *.*.example.com

2007-06-17 Thread Bernhard Froehlich
Victor Duchovni wrote: On Sun, Jun 17, 2007 at 05:06:21AM +0200, Alain Spineux wrote: IE6 complains about the domain name not matching the certificate. Rightly so. RFC 2818, section 3.1, paragraph 4: Matching is performed using the matching rules specified by [RFC2459]. If mo

Re: AW: Database file structure

2007-05-30 Thread Bernhard Froehlich
Bruno Costacurta wrote: [...] Thanks for details. In fact, I expected to see the fingerprint of the certificate stored somewhere in index.txt file (as CN is not a unique id within the CA). Any reason not to store the fingerprint ? The serial number of a certificate is (must be!) unique f

Re: AW: Database file structure

2007-05-25 Thread Bernhard Froehlich
domi wrote: Hello Bruno and Thomas, Number 1 and 4-6 are definitively right as long as I know. I think that number 2 and 3 are correct too. But I'm not quite sure. Thomas would you be so kind and tell me in what format the time is written? Or just give me link where I can find the information;

Re: Where does openssl store public keys?

2007-05-25 Thread Bernhard Froehlich
leseul wrote: When I generate a key pair with an openssl genrsa command I get a private key. But where is the corresponding public key stored? There seems to be an openssl command pkey (http://www.openssl.org/docs/apps/pkey.html) for this, but my version does not know it. A workaround seem

Re: CApath & CAfile, strange problem

2007-04-13 Thread Bernhard Froehlich
Buffalo Dickens wrote: Dear Ted, yes, I found that too. It just looks for *.pem files. I just used the c_rehash from the source code package of openssl-0.9.8e. Is it feasible for me to just rename file.crt to file.pem? openssl usually does not rely on filenames or extensions, with only a fe

Re: CApath & CAfile, strange problem

2007-04-13 Thread Bernhard Froehlich
Buffalo Dickens wrote: Thank you Ted! However, when I c_rehash the directory which contains both ca.crt and server.crt, there seems to be no response. As a result no hash.0 file is generated. [EMAIL PROTECTED] tools]# ./c_rehash /path/to/certs/ Doing /path/to/certs/ [EMAIL PROTECTED] tools]# l

Re: CApath & CAfile, strange problem

2007-04-12 Thread Bernhard Froehlich
Buffalo Dickens wrote: Dear all, I encountered a strange problem. I generated self-signed certificates and want to test whether they work OK. [EMAIL PROTECTED] openssl verify -verbose -purpose sslclient -CApath /path/to/CA/ /path/to/cert.crt /path/to/cert.crt: /C=US/ST=America/L=CA/O=UC/OU=CS/

Re: OpenSSL & P12 Client certificate

2007-03-14 Thread Bernhard Froehlich
Milan Kotaška wrote: Hello, sorry for this post, but I'm a beginner in an OpenSSL. I would like to use OpenSSL functions to connect to WEB server via HTTPS protocol. I have received a certificate file with P12 extension from a WEB application provider. The goal is to send a HTTPS POST reques

Re: ca setup problem

2007-03-01 Thread Bernhard Froehlich
Erik Leunissen wrote: I'm trying to set up a CA, following the guidelines in: "Network security with OpenSSL", and checking with the latest documentation that comes with 0.9.8e. I've managed to: - generate a root CA certificate and corresponding private key - generate a certificate request

Re: Newbie assumptions & questions

2007-03-01 Thread Bernhard Froehlich
Bruno Costacurta wrote: [...] - serial information within the certificate is useless If you are still talking of only the serial number you are correct. But if you also know the issuing CA you can uniquely identify the certificate. A CRL (Certificate Revocation List) for example w

Re: Newbie assumptions & questions

2007-02-23 Thread Bernhard Froehlich
Bruno Costacurta wrote: Hello, as a newbie, I have some assumptions / questions hereafter about OpenSSL and certificates. Many thanks to correct / confirm me. - a certificate is a public key with metadata - metadata contain mandatories (ie. subject and issuer) and optional parameters - the

Re: Questions about Certificate Verification

2007-02-13 Thread Bernhard Froehlich
Randall Hand wrote: Well, I understand the SSH way as I use it regularly, but I'm having a hard time finding documentation and examples on the SSL way to do this. Do you have any code examples, or know where I might find some? I managed to figure out how to do DH matching, which gives me encr

Re: My ssl client connects without the knowledge of root CA certificate

2007-02-13 Thread Bernhard Froehlich
Urjit Gokhale wrote: Hello, Could someone help me understand what is happening here? It's important to realize that the client decides whether to accept a server's certificate or not! If you want OpenSSL to do "the standard client's job" (that is, check if the server has a certificate, t

Re: [Slightly OT] which wildcard cert to purchase

2007-01-26 Thread Bernhard Froehlich
dale gallagher wrote: Thanks for the responses and useful advice. I do understand the security benefit of having a separate cert per physical host. Imagine the case that one of your hosts gets compromised. If you are using wildcard certs then the bad guy can use the certificate to mimic ea

Re: Creating certificate without signature

2007-01-04 Thread Bernhard Froehlich
Johan Lindquist wrote: Hi all, I have been trawling Google in an attempt to find information on how to create a certificate which DOES NOT contain a signature. I realise this is an out of the ordinary question, but I require this in order to test

Re: PKI design question

2006-11-23 Thread Bernhard Froehlich
Martín Coco wrote: Hi, [...] I've been reading the man for OpenSSL, this mailing list, and also acquired the book "Planning for PKI". I've not read the book. Maybe I can nevertheless give you some helpful hints. My main goal is to design a PKI for our server infrastructure (ldaps, https, ma

Re: Wildcard Certificates

2006-11-16 Thread Bernhard Froehlich
Stewart Dean wrote: We have been getting our certificates from Verisign...who appear to me to be getting an awful lot of money for a wisp of virtuality, for all that they are the standard of the industry. We have a server that now needs a certificate and I went looking for cheaper certificates

Re: Certificate Deployment

2006-11-10 Thread Bernhard Froehlich
Net Warrior wrote: Hi there guys. My question is simple, once I've created the certificates and I want to deploy the public key to the clients, which will be the best method to do the deployment of the cacert.pem file? When you have 10 machines you can go one by one and copy that file by your

Re: SSL Client authendication

2006-10-31 Thread Bernhard Froehlich
Eshwaramoorthy Babu wrote: Hi Bernhard, Thanks for your response. Thanks for your response. We have already purchased the certificate. But we do not have private key with us. because we have submitted the csr request from CA's website. My client is not Browser. It is JAVA application

Re: SSL Client authendication

2006-10-30 Thread Bernhard Froehlich
Eshwaramoorthy Babu wrote: Hi, We have a JAVA SSL client talking to HTTP Server. The server side ssl is working fine. Now we are planning to use client authentication (server authenticating client). I spoke to the certificate provider (comtrust) regarding this. He suggested me to purchase a

Re: OpenSSL 0.9.9[-dev]

2006-10-25 Thread Bernhard Froehlich
IT Professional wrote: Thanks Ted, I've download it. Am wondering whether you have tried compiling it in windows? Cos I'm wondering whether the compilation commands have changed. I'm using the following set of commands: perl Configure --openssldir=C:/www/Apache22/bin VC-WIN32 ms\do_ms (It didn't

Re: OpenSSL 0.9.9[-dev]

2006-10-25 Thread Bernhard Froehlich
IT Professional wrote: Hi, Anyone know where I can download the source for OpenSSL 0.9.9[-dev]? Couldn't find it either at OpenSSL root or mirrored sites. Thanks! Downloading the latest snapshot from ftp://ftp.openssl.org/snapshot/openssl-SNAP-20061025.tar.gz worked fine with me... Hop

Re: CA Expire

2006-10-24 Thread Bernhard Froehlich
Warrick FitzGerald wrote: Hi Guys, I’ve run into a bit of a snag. I setup an MTA using TLS and installed a self signed certificate. I then sent the public CA certificate that I used to create the self signed cert to the mail admins to add to their trusted CA’s list. What I had not noticed is t

Re: a simple ca question

2006-10-14 Thread Bernhard Froehlich
Chong Peng wrote: guys: how to tell a root certificate from a non-root certificate? is there a field in x509 structure for us to tell? thanks. Root certificates are self signed, that is the issuer equals the subject in the certificate. Hope it helps, Ted ;)

Re: Question on Diffie Hellman Parameters

2006-10-06 Thread Bernhard Froehlich
Forwarded from Mike Hambidge so that the answer will hopefully find its way into the archives: Mike Hambidge wrote: Tried to post this response to the openssl-users mailing list but apparently majordomo doesn't like my mail server :/ So anyhow, I figured I'd email you direct: I was wonderin

Re: OpenSSL and CA

2006-10-05 Thread Bernhard Froehlich
Vincenzo Sciarra wrote: I want to verify that a client certificate is issued by an acceptable CA. Thanks You'd do it the same way as verifying that the server's CA is acceptable. Would be something like * Setting a CA-file or a CA directory containing the acceptable CAs into the contex

Question on Diffie Hellman Parameters

2006-10-05 Thread Bernhard Froehlich
Hi there, I still can't get a grip on the security implications of those DH parameters. I understand that they have to be "chosen carefully" but otherwise they may be public. This would imply that once a good set of parameters has been found everybody could use them "forever" (that is, until

Re: OpenSSL and CA

2006-10-04 Thread Bernhard Froehlich
Vincenzo Sciarra wrote: Hi, I'm developing an application using X509 cert standard. I'm trying to use a remote Certification Authority in client-server authentication exchange. In other words : Client send public key to server - Server verify client's public key with CA - Authentication e

Re: Local Issuer Certificate??????

2006-10-04 Thread Bernhard Froehlich
Dan O'Reilly wrote: Trying to test certs before moving on to LDAP tests. The certs were obtained from a CA running on a MS box. Here's what happens: openssl s_client -connect adtest:636 -cert foo.pem "-CAfile" homeca_ce rt_chain.p7b Enter pass phrase for foo.pem: CONNECTED(0003) depth=0

Re: Verifying Client-side Certificate?

2006-09-28 Thread Bernhard Froehlich
Richard Conlan wrote: How does one use OpenSSL on the server to verify a client-side SSL cert? Any examples of this? ~RMC Have you had a look at http://www.opensslbook.com/code.html? IIRC there is such an example... Hope it helps. Ted ;)

Re: Cipher algorithm

2006-09-28 Thread Bernhard Froehlich
Markus Wenke wrote: Hi, I want to write a Client-Server-application, which connection is SSL encrypted. Can I define the crypt algorithm which is negotiate while handshake? Is there a crypt algorithm which does not change the size of the data? [...] Did you miss my reply? I'll cite it once more (

Re: Strange problem with SSL_write

2006-09-27 Thread Bernhard Froehlich
Aarno Syvänen wrote: Hi List, I am implementing EPP over SSL. It requires me send hex data (the length of the xml document). In addition, making EPP request twice is an error. So it differs http with both these counts. Then the problem: when i am doing SSL_write, it does return full length

Re: Cipher algorithm

2006-09-21 Thread Bernhard Froehlich
Markus Wenke wrote: Hi, I want to write a Client-Server-application, which connection is SSL encrypted. Can I define the crypt algorithm which is negotiate while handshake? See http://www.openssl.org/docs/ssl/SSL_CTX_set_cipher_list.html Is there a crypt algorithm which does not change the si

Re: OpenSSL Hanging When Attempting To Generate Key File

2006-09-20 Thread Bernhard Froehlich
Jeanna Geier wrote: [...] $ openssl genrsa -des3 -out server.key 2048 Loading 'screen' into random state - done Generating RSA private key, 2048 bit long modulus +++ ..+++ Hmm, I have tested the command line on my Win32 version of openssl an

Re: PIN request on Certitficate Revocation

2006-09-20 Thread Bernhard Froehlich
[EMAIL PROTECTED] wrote: Hi, i have setup a small CA and i use the Aladin etoken Pro USB CA to host the root private key. the revocation operation (openssl ca -revoke cert.pem ...) request the User PIN. Does someone know why the PIN is required for this operation? Does anybody know if it is po

Re: What's the difference between openssl 0.9.8c and 0.9.7k

2006-09-14 Thread Bernhard Froehlich
Hong Ye wrote: I need to install openSSL so I can build Apache_2.0.59 with SSL enabled. I saw Openssl 0.9.8c and 0.9.7k were released on the same day. What's the difference between these two versions? Which one should I choose for building Apache 2? This would probably be more appropriate on an

Re: Securing passwords / fingerprint sensors

2006-09-12 Thread Bernhard Froehlich
Bernhard Froehlich wrote: [...] As I understand it a fingerprint scanner does not send the fingerprint itself to the computer but uses the fingerprint to unlock an internal storage containing a private key (or maybe a password). So you don't have to contact a surgeon if your machi

Re: Securing passwords

2006-09-06 Thread Bernhard Froehlich
David Irvine wrote: [...] Many thanks for replying - you're right I am a bit off topic (and I hope I don't need a surgeon for being so ;-) ) but I suppose it is slightly related to the securing of info. Yes, I'll reply on the list till someone complains. I think you are correct in your assumptio

Re: Securing passwords

2006-09-04 Thread Bernhard Froehlich
David Irvine wrote: Sorry if this mail is a bit off the line and discussed a thousand times. 'But' What's peoples opinions on beating keyloggers and does biometrics help at all, i.e if a fingerprint scanner gets logged then is this worse cause you can't really change your finger? Just looking fo

Re: unable to get local issuer certificate

2006-08-29 Thread Bernhard Froehlich
On 8/28/06, Milan Tomic <[EMAIL PROTECTED]> wrote: While attempting to establish SSL connection I got this OpenSSL error: Certificate Verification: Error (20): unable to get local issuer certificate [...] One of the possible reasons for this error is that the server cert is signed by an inter

Re: Simple way to use PKI for larger data sets

2006-08-27 Thread Bernhard Froehlich
snacktime wrote: [...] I could generate a random key for each request, encrypt it, and stick it in the database with the request, but I was hoping for a simpler solution. Are there any asymmetric ciphers in openssl that don't have the same limitation on the amount of data that can be encrypted?

Re: [NEWBIE] trying to convert DER file to PEM one

2006-08-24 Thread Bernhard Froehlich
tizon wrote: Dear OpenSSL users, first of all, let me point out that I'm a total newbie in the area of encryption. So maybe, my question could sound stupid ... I'm using OpenSSL 0.9.8a-7build1 on Kubuntu Dapper. And i just would like to create a PEM certificate file with two DER encrypted file(

Re: OpenSSL, Apache 2 and RSA key sizes

2006-08-24 Thread Bernhard Froehlich
Charlie Lenahan wrote: George Adams wrote: [...] 2) Related to that, should I be worried that I'm generating a public/private keypair for my Apache2/mod_ssl server that's only 1024-bits? Do I even have the OPTION of having a larger/stronger key, or am I going to hit some weird compatibility p

Re: Hiding headers for OpenSSL

2006-08-22 Thread Bernhard Froehlich
Scott Campbell wrote: [...] My question is (rephrased), if possible, how can I hide the headers in OpenSSL from being broadcast to software running rudimentary security scans (e.g., Nessus)? Is there a line I can add to a conf file? Is preventing the broadcast of software, version,

Re: RSA encryption

2006-08-02 Thread Bernhard Froehlich
Kaushalye Kapuruge wrote: Hi, I'm trying to encrypt a Text using a session key and then encrypt that session key using the public key of the receiver side. Can anybody point me to an example in C? For this 1. I need to read the key using PEM format. http://www.openssl.org/docs/crypto/pem.html

Re: ca format of index.txt. File - IT WORKS!

2006-08-01 Thread Bernhard Froehlich
Fitzsimons, Nick wrote: [...] I notice however that if I set the Status column to be R(evoked) I get a status of unknown rather than revoked. Does anyone have any observations on this ? The relevant code goes as this (apps/ocsp.c lines 1063 and following): inf = lookup_serial(db,

Re: ca format of index.txt. file

2006-08-01 Thread Bernhard Froehlich
Fitzsimons, Nick wrote: Hello All, Does anyone know where there is a definition of the format of the contents of the index.txt file used with the ocsp and ca commands ? (This file contains info on the revocation status of certificates). Thanks, Nick First of all the format

Re: how can I create & install client X.509 cert to be used as client decryption?

2006-08-01 Thread Bernhard Froehlich
l Burnerheimerton wrote: [...] Ted - many thanks for your help. Just so I understand correctly, I generate a private key certificate using openssl to export it to a file that would then be imported into a browser. I can then use that server key to encrypt data that only those users for whom I h

Re: how can I create & install client X.509 cert to be used as client decryption?

2006-07-31 Thread Bernhard Froehlich
l Burnerheimerton wrote: I am new to this but I think what I want is to use a private key client X.509 certificate and install it on clients' web browsers to use as access control from only those authorized to access and decrypt data only they should be allowed to see. I am using openssl, linux en

Re: Revoking a certificate using only a serial number?

2006-07-28 Thread Bernhard Froehlich
Olaf Gellert wrote: Hi Joe, Joe Gluck wrote: Does anyone know how can I revoke a certificate, even if I don't have the certificate file anymore, (using openssl) can I just update the index.txt line associated with this certificate, change the V to R and add the revocation date? If this should w

Re: Generating Certificates - Maximum Days Value

2006-07-26 Thread Bernhard Froehlich
Dave Pawson wrote: On 26/07/06, Bernhard Froehlich <[EMAIL PROTECTED]> wrote: The relevant entries of my openssl.cnf: [ ca ] default_ca = CA_default# The default ca section [ CA_default ] default_days= 365 # how long to certify for Thanks. - a

Re: Generating Certificates - Maximum Days Value

2006-07-26 Thread Bernhard Froehlich
Dave Pawson wrote: [...] I couldn't get it to set from within the conf file. It defaults to 30 unless set from the command line. The relevant entries of my openssl.cnf: [ ca ] default_ca = CA_default# The default ca section [ CA_default ] default_days= 365

Re: Generating Certificates - Maximum Days Value

2006-07-25 Thread Bernhard Froehlich
Richardson, Robert H wrote: Greetings, I have been trying to find documentation on the maximum value that the "days" argument will accept for an SSL generated certificate. We will be using an integration engine product (Cloverleaf) to post X12 Eligibility requests via HTTPS to a trading pa

Re: using openssl as CA ?

2006-07-18 Thread Bernhard Froehlich
Urjit Gokhale wrote: Hi, I am planning to ssl enable my client server application, that I will be making available for commercial use. In this process I had planned to use openssl command line utility as CA to give out certificates (I am going to work as private CA). But just then, I came acro

Re: Index database corrupted

2006-07-14 Thread Bernhard Froehlich
Jean-Romain PAC wrote: Hello, It seems that my index.txt (OpenSSL) database is corrupted. When I try to add a new certificate, or want to do anything that will have an influence to the database, I have this error message : error creating name index:(2,1,7) How can I repair it ? Jean-Romain.

Re: Error reading in certificate

2006-07-13 Thread Bernhard Froehlich
Alfred Thomas wrote: Hi I have a X509 certificate I want to read into a X509 structure. When I do the following SSL command: openssl x509 -inform DER -in d:\certs\test.der -pubkey it displays the valid Public key etc. Now I use the following to read the certificate: X509 * x509 = NULL; FI

Re: OpenSSL and multiple threads

2006-06-26 Thread Bernhard Froehlich
Leon wrote: Thanks for your reply! Some days back, we had a riot on "select" call usage. You may revisit those posts to see if it is helpful. Well, I do not think it is select() since it works for a 1000 threads. The part that fails is also part of the standard OpenSSL code so I would

Re: Accessing Manual Pages in openssl

2006-06-22 Thread Bernhard Froehlich
Marek Marcola wrote: Hello And for the great unwashed using Windows Marek :-) Is it just the online versions? On Unix pod2man.pl script is used. I think that pod2chm from CPAN perl module may help :-) Best regards, Another option may be using http://www.openssl.org/docs/crypto/, h

Re: PHP, SoapClient, Apache, Windows, SSL

2006-05-30 Thread Bernhard Froehlich
Andy Glass wrote: I'm brand new to Soap and SSL. I have used SoapClient functionality built within PHP to successfully call a web service using its WSDL. So, I feel fairly comfortable about that. However, I am now working on a project that calls for me to call a web service and authenticate mys

Re: Certificate error

2006-05-29 Thread Bernhard Froehlich
Lawrence Rose wrote: Hi: I setup the four openSSL examples in Viega et al with certs and ran fine until the 30 day certs expired. Now after I cut a new root.pem and sereverCA.pem I cannot pass certificate verification. Where have I gone wrong? I've tried everything these past several days

Re: Verify signature without decryption

2006-05-04 Thread Bernhard Froehlich
Rory Vieira wrote: Hi, Thanks to Ted I have created a very safe backup system that uses des3 encryption, and certificate encryption of the des3 key. See below for the "very safe" part... ;) I was testing out the OpenSSL suite, and was trying to add a signature to the encrypted key file (t

Re: Server Side Certificate to send

2006-04-24 Thread Bernhard Froehlich
probably if you connect with java clients by using javax.net.ssl? I cannot tell you this, I'm no Javanese... ;) - Original Message - From: "Bernhard Froehlich" <[EMAIL PROTECTED]> To: Sent: Monday, April 24, 2006 11:00 AM Subject: Re: Server Side Certificate to send

Re: Server Side Certificate to send

2006-04-24 Thread Bernhard Froehlich
Stefan Walter wrote: Hi, I am new to OPENSSL and have a specific question... I want to write a server and client, but the client doesn't have the certificate. How can I start the transfer of the certificate to the client? I think the same is done with webserver and browser? Please help..

Re: Singing with certificate

2006-04-20 Thread Bernhard Froehlich
Rory Vieira wrote: Hi, For our customers we make backups (like everyone else). However, legal restrictions apply to the specific branch we work in. We are required to encrypt the data. In the past I was using simple DES3 encryption, but now I would like to use the customers secure certifica

Re: SSL Certificate and encrypting files

2006-04-03 Thread Bernhard Froehlich
Susanne Kaufmann wrote: Hello, While experimenting with my apache webserver and Openssl, there came up some questions. At first, what i am doing actually: Actually I am using Client Authentication to identify and login to a website. But now I want to add the possibility to encrypt files with

Re: Samples

2006-03-29 Thread Bernhard Froehlich
Vanessa Campos wrote: Hi, I'm starting to use openssl now. Does anyone know where I can find some sample code using openssl (a simple client / server sample) so I could see how it works. I'm trying to read the docs, but it'd be less complicated to me if I could see a real one working. Try htt

Re: Renewing expired certificates

2006-03-28 Thread Bernhard Froehlich
michael Dorrian wrote: Is this correct or is there a simpler way. I have to revoke all my client,server and root files and then basically create everything over again?. It depends on which certs are expired. If it's the root certificate which has expired you're basically correct. But there's n

Re: body part of function i2d_DHparams()

2006-03-27 Thread Bernhard Froehlich
LIDA WANG wrote: I am sorry I keep bothering you guys, but I am stuck here. Function d2i_DHparams() is created in the following macros: #define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \ stname *d2i_##fname(stname **a, const unsigned char **in, long len) \

Re: body part of function i2d_DHparams()

2006-03-27 Thread Bernhard Froehlich
LIDA WANG wrote: Does anyone know how to find the body part of function i2d_DHparams()? I can only find the definition part of this function I think it is created by the macro IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname in file crypto/dh/dh_asn1.c. The macro is defined in crypto/asn1/asn1t.h

Re: X509 info

2006-03-13 Thread Bernhard Froehlich
vipin rathor wrote: hi all, I want to develop a small utility in C to show all information about the X509 certificate file in a structured, comprehensive way (as displayed by browsers like IE). I'm working on SLES 9. So please help me out. One more thing, I know the routines like X509_get

Re: Multiple Certificates, 1 Web Server

2006-03-13 Thread Bernhard Froehlich
[EMAIL PROTECTED] wrote: On 3/13/06 8:43 AM, openssl-users@openssl.org wrote to All: On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote: So for one group, they will give them a HTTPS URL for domainX, and for another group, they will give them another HTTP URL for DomainY, but

Re: OpenSLL:Unable to load config file

2006-03-07 Thread Bernhard Froehlich
王 振江 wrote: > Excuse me: > When I create a certificate, I encounter this error: Unable to load > config file. > The details below: > My system environment: FC3 core + apache-1.3.33 +openssl-0.9.8 + > mod_ssl-2.8.28 Install Mode :DSO > when I execute command in shell: > #openssl req -new -x509 -days 3650

Re: remove passphrase from the key?

2006-03-07 Thread Bernhard Froehlich
kloomis wrote: At 11:17 PM 3/6/2006 -0700, you wrote: The practical upshot of this is, yes, your apache configuration needs the privkey.pem file in order to do SSL/TLS at all. I have myServer.csr, myServer.cert and myServer.key located in ssl.csr, ssl.crt, and ssl.key respectively. The ssl.c
