Dg B wrote:
>
> Hello!
>
> I have been fiddling with OpenSSL now for over a week, and cannot make
> sense of this thing. :(
> I desperately need to create an Object signing certificate for my work at
> hand. However, all of my attempts are not working.
>
> Is there a step-by-step instructi
> ¾G¹ÅÂ× wrote:
>
> Hi,
>
> As we know, SSL protocol do not support signature function.
> But Netscape does it by signtext javascript function call.
> How about IE? Does IE support signature function?
> If IE does not, is it possible that writing a Microsoft Crypto API
> ActiveX which
> access t
With the last version 2.3.9-1.3.9 compiled on a RedHat 6.1 box I have
the following behaviour with SSL and running the following script:
#!/bin/sh
echo "Content-type: text/plain"
echo
set
--
BASH=/bin/sh
BASH_VERSIO
There are a lot of documents and standards concerning certificates:
X.509 and other X.5xx ITU specifications;
IETF PKIX and SMIME drafts and RFCs;
RSA PKCS specification;
Some others.
I find very hard to get a clear vision of the whole matter.
Please, can someone suggest a good book?
--
I am trying to issue objectsign cetificates for JDK 1.2 keytool. I can
get a user certificate signing the CSR produced with keytool, but
unfortunately keytool refuses to import my CA root certificate. The
problem seems related to the lack, inside keytool, of a provider (a set
of Java classes) that
> If you asked about how to do it in C code then look at the
> relevant lines in apps/x509.c ;-)
>
> Mario Fabiano schrieb:
> >
> > How can I convert a certificate obtained with openssl CA from PEM to
> > PKCS#10 format?
> > Thank you in advance for any help.
>
I want to issue a X509v3 certificate with openssl CA to sign Java
applets.
What extensions must I define in the ssleay.cnf file?
Thank you in advance.
--
Mario
__
OpenSSL Project
Dr Stephen Henson wrote:
>
> OpenSSL can still produce V1 CRLs. Even if you delete the whole crl_ext
> section it will still generate a V2 CRL. What you need to do is comment
> out the line:
> crl_extensions = crl_ext
> e.g. put a # at the start. When it sees that no crl extension section is
> na
Dr Stephen Henson wrote:
>
> Mario Fabiano wrote:
> >
> > Then I convert the CRL into other formats, like pkcs7 or DER, e.g.:
> > openssl crl -inform PEM -in $CurrCrl -outform DER -out $dwnlcrl
> ...
> Forget the other formats in my experien
I run a my own demo CA based on openssl 0.9.2b and other stuff
(apache-mod_ssl and php3).
I am trying to load a CRL into a Netscape Communicator 4.06 or higher.
I get the CRL with the command:
openssl ca -gencrl -config $CrlConfig -out $CurrCrl -key $Password
Then I convert the CRL into o
Kaur Virunurm wrote:
>
> You can repeat any attribute in DN as many times as you wish.
> The way to do it is to add multiple entries for this attribute
> into the [req] session of your config file. Example:
>
> 0.stateOrProvinceName = State or Province Name 1 (full name)
> 0.stateOrPro
I got a free demo certificate from Verisign. The subject distinguished
name shows three OU, i.e.:
Subject: O=VeriSign, Inc., OU=VeriSign Trust Network, OU=www.verisign.com/repository/RPA
Incorp. by Ref.,LIAB.LTD(c)98, OU=Persona Not Validated, OU=Digital ID
Class 1 - Netscape, CN=Mario [EMAIL PR
Steffen Dettmer wrote:
> > I am using OpenSSL 0.9.2b 22 Mar 1999 on a RedHat 5.2 Linux box.
>
> > Error Loading extension section x509v3_extensions
> > 2191:error:2206506F:X509 V3 routines:V2I_ASN1_BIT_STRING:unknown bit
> > string argument:v3_bitst.c:146:section:,name:0xA0,value:
>
> the synta
I have created a crl using the openssl command:
ca -gencrl -config somepath/mypolicy.cnf -out anotherpath/mycrl.crl
I have also tried to convert mycrl.crl to some other formats (DER, TXT);
Whatever the format I use, Netscape Communicator refuses to load the crl
and says:
"The certificate revoca
I run a my own CA based on OpenSSL, got with the CA.sh script.
The certificates that I find in the repository (that is the directory
newcerts) have the X509 extensions correcty readable, i.e.:
X509v3 extensions:
Netscape Base Url:
https://aurora.space.worlds/ca/
Netscape CA Revocati
15 matches
Mail list logo
