Hi,
I've been trying to implement fakebasicauth because I hate having to
authenticate on every reload using normal client certificate
authentication.
However I can't get it to work on openbsd. I've followed the directions at:
http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html
and it just won'
You need to install the root certificate into the clients browsers.
You can distribute root certificates to clients by incliding the root
certificate within the pkcs12 file or
As all browsers act differently in accecpting certificates I use a perl
script get to format the certificate for the pre
Is there a way to use openssl to create and import
S/MIME certificates for use with Lotus Notes?
Oliver
> is there any way to tag these certificates so that a
> browser will refuse to export them?
If importing p12's into MSIE don't select the option on the browser that
says "Mark private keys as exportable" if using pkcs7 on the MSIE html
request form set the "GenKeyFlags" to 1.
On Netscape you c
> >Because the mailing list processor is configured to set the Reply-To
> >address to the list address. IMHO this should be changed to reduce
> >such problems with automatic replies (vacation e-mails, virus-scans
> >etc.).
>
> But that would make *regular* replies a pain in the ass for list
> memb
> However, when I try to use it to sign/encrypt email, 'Outlook Express'
> informs me that I don't have a digital ID ( and offers me the opportunity
to
> procure one from a trusted CA ).
After importing it you have to enable it in your E-mail client:
Outlook Express:
tools>accounts>mail>your ac
good links! Thanks
- Original Message -
From: "Greg Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 31, 2001 12:54 AM
Subject: Re: CA-How to
> http://www.ultranet.com/~fhirsch/Papers/wwwj/article.html
> http://www.modssl.org/docs/2.8/ssl_intro.html
>
>
> =
Thanks for your help on this one but sorry I don't get any output I just get
a file created: "openssl.core" Do you know what type of things cause a core
dump? I can't say I've experienced it to often in the past.
I'm assuming it's something to do with apache clashing with openssl, because
ssh is
RE: smime system call problem> #!/usr/bin/perl -w
>
> system("openssl smime -encrypt -in message.txt -out crypto.txt cert.pem");
I suggest that this is NOT the way to do this. Its better to open it
something like this:
our $Debug=1;
#DONT FORGET THE PIPE AT THE END!
open (SSL,"openssl smime -encr
Hello,
> Does the script run ok ? ie does it print out "crypto.txt failed" ?
Yes, and it gives me a core dump.
> Does 'message.txt' exist in the current directory (presumably your
cgi-bin)
I've done it in my cgi-bin under cgiwrap as the same user as ssh and I've
run it as an executable elsewhe
Help,
I am having an unusual problem on my openbsd default openssl 0.9.5a install
that I can't work out.
If I am at the command line and run the following simple perl script,
crypto.txt exists, however, if I point my browser at the script crypto.txt
fails.
My permissions in the directory are 77
It is not only you who is getting everything twice. I thought it was just
me.
> I apoligize for sending this question again. The email account I was
using
> has proved to be too unreliable, so I have switched to a different
account.
_
Hello Maxime,
With MS You can do it using xenroll.dll and with Netscape you use keygen to
generate keys on the card.
In MS you have to get a list of available CSP's also using xenroll, and then
user just has to choose the right csp and then they press enter and the card
does the rest. It's a ver
Aslam,
Is this what you are looking for?
http://www.openssl.org/docs/apps/pkcs7.html#
- Original Message -
From: "Aslam" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, April 28, 2001 1:08 AM
Subject: PKCS#7 support in openssl-0.9.6a
> Hi,
>
> Is there any documentation
t;[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, April 25, 2001 1:30 AM
Subject: Re: Smart Card Readers
> From: "Oliver Bode" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject:Re: Smart Card Readers
> Da
Hello Maxime,
You can find out more about the pkcs11 standard here:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
When Smart Card manufacturers say their cards are PKCS11 compliant, correct
me if I'm wrong, I take this to mean that the card is designed for x509
certificates and it has the ab
I think I've got to try one of those: http://www.ibutton.com/pki.html
I'd love to hear from someone who has.
- Original Message -
From: "Mark H. Wood" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 23, 2001 11:56 PM
Subject: Re: Smart Card Readers
> If you don't insi
Hello Eytan,
I would go about this problem something like this:
Output the certificate as text using this
openssl req -in cert.pem -out text.pem -text
push the DN line into an array
then write a temp config file using the array, generate a request using the
config file and then sign the request.
riginal Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Oliver Bode
> Sent: Monday, April 09, 2001 4:56 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Generating a cert request based on another certificate
>
>
> Sorry the commands would be to output as te
Sorry the commands would be to output as text of a certificate:
openssl x509 -in cert.pem -out text.pem -text
Then push the DN into a hash
Make a temp config.cfg file
Create a request using the config file
openssl req -config config.cfg -new -keyout request.pem -out request.pem
Then sign the reque
Thanks,
I'm sure this will sort it out. It's the same problem we've experienced.
Tell me on Win2000 and NT can you have client authentication that will check
multiple root certificates?
Oliver
> Have a look in the archive:
> http://marc.theaimsgroup.com/?l=openssl-users
>
> under the author 'Da
You could try the smime function.
http://www.openssl.org/docs/apps/smime.html
I use the smime function to encrypt and decrypt credit card numbers and to
send me encrypted receipts of transactions. However, you could just as
easily use it to encrypt and decrypt cookies - if that's what you want to
Why do you wish to use public key encryption for this - why not just use a
symetric encryption algorithm like blowfish or something? It just seems like
an expensive way to do the same thing.
Anyway, you could use http://www.openssl.org/docs/apps/smime.html
for encryting and decrypting on the serv
Hi,
I know this isn't an openssl question, however, I know someone on this list
can help.
After generating client certificates and a root certificates for my own CA.
I can easilly implement website authentication using apache and mod_ssl - a
piece of cake.
Windows NT and 2000 presents other pro
of the problem for us (and graphics not loading was the other
> symptom).
>
> Jeff
> [EMAIL PROTECTED]
>
>
> On Tue, 20 Mar 2001, Oliver Bode wrote:
>
> > Hello,
> >
> > I am now often getting the error message "The page cannot be displayed"
> > us
25 matches
Mail list logo
