Yeah, it does seem to do that. I tested it with s_client and s_server (s_server with -cipher eNULL), and if the client was not also run with -cipher -eNULL, then the connection failed. So, there might be a need to explicitly configure both ends of the connection.
Quoting navin gopalakrishnan: Hi, I am u
Revoking a CA-issued certificate requires the CA private key. It is
necessary to sign the CRL.
Maybe your CA was located on that other machine?
Quoting *Daniel Spannbauer [1]*:
> On 07/18/2011 08:09 PM, y...@inbox.lv wrote:
> > is that really a self signed certificate? For self signed
> certificat
If that CRL is trying to revoke that root certificate, what in that
CRL could be forged?
CRL can only revoke a CRT, not unrevoke, right?
I know, that when revoking a certificate, CRL is signed by
certificate issuer (CA),
is there a reason, why a (small) CRL could not be signed by
cartifica
is that really a self signed certificate? For self signed
certificates names of issuer
are the same as names of subject. In your example OU and CN are not
the same.
Also, according to Wikipedia, self signed certificates (root
certificates) cannot be revoked,
although I do not understand wh
sha256 worked. (both for dgst and for req)
If I understand correctly, ECDSA algorithm only needs hash as a
defined length
bitstring, so adapting ripemd in place of sha1 should have been
easier than
sha256 (because ripemd has the same length as sha1, sha256 is
longer).
Quoting *Dr. Stephen
openssl dgst -ripemd160 -sign ec5_ca.key shr.o.txt
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Error setting context
5664:error:100C508A:elliptic curve routines:PKEY_EC_CTRL:invalid digest type:.\crypto\ec\ec_pmeth.c:229:
Also, in documentation on pkeyutl program is mentioned,
Version of ECDSA available in openssl 1.0.0d supports only SHA1.
(maybe there are patches which add other hash functions, but
default build on win32 supports only sha1).
ECDH and ECDSA are not guaranteed to use the same curve. At least
with s_server curve for ECDSA is specified in certifica
When I searched on it, it seemed that ECDH requires a specified named
curve, and OpenVPN does not have a means of specifying it. Also, it
seems that ECDSA works only with SHA-1 (I also would like to know
why it cannot take any 160 bit hash). I searched about it a few weeks
ago and relevant messa