Re: Client (personal) certificates

2000-01-13 Thread Jan Meijer
> Anyone there have any information on generation of client certificates with openssl? >I can generate them (albeit only for Netscrape at the moment - IE doesn't seem to be >playing ball) but Netscape won't verify them claiming it's not certified for email. Check to see the CA that has certifie

Introduction paper still needed?

2000-01-12 Thread Jan Meijer
If you are willing to contribute to the requirements, I am prepared to finally do my share of development (sorry, have not been programming that much for the past 2 years...) Jan Meijer SURFnet -- alive ~ true __

Re: Certificate chaining

1999-12-07 Thread Jan Meijer
> Check out the docs in the latest snapshot, particularly the verify and > x509 commands. They explain how things operate in the snapshot and > pretty much how 0.9.5 will do things. Thanks. Think I can find the time somewhere this week :) When the organisational reshuffles are over and I'm stil

Re: SSL Tunneling and Proxy Servers

1999-10-20 Thread Jan Meijer
Again, slightly off-topic. > We use apache as a proxy server. All you need to do is turn on > 443 in addition to the normal 80 socket in the server. Works fine for > us and 5 proxy servers running apache. I recommend apache as a > proxy *very* highly. I've tested the apache-proxy as well, in co

Re: how trustworthy is stunnel?

1999-09-27 Thread Jan Meijer
Hi everyone, Thanks for the reactions. I'm more confident in using it now :), if we have some notable experiences during our use I'll be sure to mail them to the stunnel mailinglist :) Jan -- alive=true __ OpenSSL Project

how trustworthy is stunnel?

1999-09-23 Thread Jan Meijer
Hi, We're planning on using stunnel in a production environment, but only if we can somehow verify how trustworthy it is. We could perform a source-code-review, but perhaps it's fully trusted by you all? Jan -- alive=true __ O

https proxy

1999-09-16 Thread Jan Meijer
Hi, Perhaps a little off-topic, but think it is still relevant. Now our ca is nearing completion we are thinking about setting up a pilot testsite. What we want to do is the following: Outside <--> WebsiteA <-- |firewall| --> WebsiteB We want our employees to be able to get to websiteB throu

Re: New openssl/apps/spkac

1999-09-03 Thread Jan Meijer
> It's in the OpenSSL development version. See > http://www.openssl.org/source/> for ways to access > the current source code. Thank you! Stupid me, just did not look very good :( Test it on monday :) Jan -- alive=true __ O

Re: New openssl/apps/spkac

1999-09-03 Thread Jan Meijer
Hi Massimiliano, > You are asking which type of algorithm the user is about to use (DSA/RSA/ > whatever) ? Yep. > I am not sure I understood it (partially because I never took a close look > to PGP ... blame me (!!!)): can you make some real example ? Could that be > the public key itself conta

Re: New openssl/apps/spkac

1999-09-03 Thread Jan Meijer
Dear Steve, > I've also added a brand new 'spkac' program that prints out the whole > SPKAC structure and allows one to be created from a private key. It's > based on your original idea but rewritten from scratch. > > Since it's all very new I'd appreciate any comments. There may well be > the odd

Re: New openssl/apps/spkac

1999-09-02 Thread Jan Meijer
Hi Massimiliano, > and you should be set, just try the program and please report bugs/enhancements > you might want to add. I tried your patch today, it compiled smoothly. It also works :) You've made me a happy man :) The keysize is exactly what I was looking for, but there are two things I w

Re: Addition to openssl.cnf ?

1999-08-30 Thread Jan Meijer
> Most CAs will have some requirements on the lengths of the public keys they > will sign. Currently the CA has to manually check the key length once a > certificate request arrives since "openssl ca" gives no indication about > the key length. I think it would be a good idea if the CA could use t

Re: apache ssl problems

1999-08-30 Thread Jan Meijer
> > [Thu Aug 26 19:21:36 1999] [crit] Required SSLCacheServerPort missing > > [Thu Aug 26 19:24:26 1999] [crit] Required SSLCacheServerPort missing > > [Thu Aug 26 20:21:36 1999] [crit] Required SSLCacheServerPort missing > > [Fri Aug 27 17:12:02 1999] [crit] Required SSLCacheServerPort missing W

Re: spkac certificate request details

1999-08-30 Thread Jan Meijer
> Have a look at how apps/ca.c does this. There's some stuff in the > function certify_spkac() that handles this at around line 1993, then you > get to the part that retrieves the public key in line 2053. Once you've > got the EVP_PKEY structure you can then get the keylength and algorithm > from

spkac certificate request details

1999-08-26 Thread Jan Meijer
Hi, I'm currently working on implementing openssl as a production CA (for the SURFnet office certification authority, SURFnet is the Dutch research net.). We want to implement the verification procedures around the technical signing procedures, and now I stumbled into a slight problem. I cann