In order to track down this error: Is there somebody out there, who has
been able to use a fips-capable openssl with engine_pkcs11 succesfully?
regards
Mathias
On 07/11/2012 12:32 PM, Mathias Tausig wrote:
> Hello!
>
> I am trying to sign a certificate with a FIPS enabled build o
Hello!
I am trying to sign a certificate with a FIPS enabled build of openssl
(1.0.1c, FIPS object module 2.0) and the PKCS#11 engine (using a Safenet
eToken).
I did this procedure before (with the non-fips version) using an openssl
config file:
openssl_conf = openssl_def
[openssl_def]
engines =
Hello!
Which padding method does openssl use, when I sign a certificate with
the 'ca' command (using an RSA key)?
Is there a way to change it?
cheers
Mathias
smime.p7s
Description: S/MIME Cryptographic Signature
Did you specify the "-inform der" option?
On 05/11/2012 01:35 PM, brajan wrote:
>
> I am getting the below error message when i am try to READ the CRL content .
>
> 19104:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
> tag:tasn_dec.c:1294:
> 19104:error:0D07803A:asn1 encoding rout
On 02/01/2012 12:59 PM, Bram Cymet wrote:
> Hi,
>
> I am attempting to use openssl with the Luna SA HSM. I am getting the
> following error:
>
> can't use that engine
> 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not
> implemented:e_lunaca3.c:710:DSO not set
> 140064027543208
Hy!
If I revoke a certificate using the "-revoke" option of the "ca" command
and pass it a certificate which is issued by a different CA, this is not
checked by openssl.
Which has the consequence, that (if the serial number of the certificate
to be revoked is not present yet) a new entry is added
On 11/28/2011 08:33 AM, prabhu kalyan rout wrote:
> Hi,
> my question is how many certificate storage formats are available and
> what are they?
>
> just like del pks12
To my knowledge, there is PEM, DER, PKCS#7 and PKCS#12.
cheers
Mathias
Hello!
If I revoke a certificate using the ca command and manually set the
invalidity date with the -crl_compromise option, the revocation reason
is automatically set to keyCompromise. If I try to override this
behaviour by setting -crl_compromise and -crl_reason (to something else,
like affiliati
The rpoblem is, that the handling of the samrt card is a bit complicated in the
state it is now, and I'm simply not sure, wether I am able to make the
certificate without using the private key at all (that is without signing, too).
cheers
Mathias
Am 01. Oct 2007, schrieb Mike Nelson:
>Yes. Fi
e certificate
> signature.
>
> If you are issuing a self-signed certificate, then you'll need to use the
> private key on the smart-card in order to generate the signature needed in
> the certificate.
>
> I hope this clarifies your doubts :D
>
> Later,
> Max
>
>
Hy!
Is it possible to create a certificate with openssl without using the
coresponding private key (which is stored in a smartcard) but with the public
key only?
Mathias
__
OpenSSL Project http:/
11 matches
Mail list logo
