Thanks for your answer too, I had already seen this wiki page before
posting but I didn't find in it any info on how to do that; I'll look
into it again and try harder then.
F. Delente
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Fri, Oct 6, 2017 at 12:22 PM, Fabrice Delente wrote:
> OK, I understand, thanks for your answer! I'll look into building
> openvpn 2.4.3 from source.
I believe you only have to set Fedora's security policy to allow MD5.
That is covered in the Fedora wiki page you were provided.
There's no nee
OK, I understand, thanks for your answer! I'll look into building
openvpn 2.4.3 from source.
F. Delente
Hi,
On 06/10/17 17:26, Fabrice Delente wrote:
Hello,
Until two days ago I used OpenVPN to connect to my workplace, on a
non-security sensitive tunnel (just for convenience).
However, OpenSSL updated on my machine (Fedora 26), and now the
certificate is rejected:
Fri Oct 6 17:25:06 2017 OpenV
> Until two days ago I used OpenVPN to connect to my workplace, on a
> non-security sensitive tunnel (just for convenience).
>
> However, OpenSSL updated on my machine (Fedora 26), and now the
> certificate is rejected:
>
> ...
> routines:SSL_CTX_use_certificate:ca md too weak
> Fri Oct 6 17:25:06
Hello,
Until two days ago I used OpenVPN to connect to my workplace, on a
non-security sensitive tunnel (just for convenience).
However, OpenSSL updated on my machine (Fedora 26), and now the
certificate is rejected:
Fri Oct 6 17:25:06 2017 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [SSL
(OpenSSL)]
Hi,
Does X509_verify_cert() check the KeyUsage extension?
Is there any API to check whether the CA certificate is properly used based
on the
Criticality specified in the certificate?
[Eg. CRL signing, Key Cert signing etc.]
Thanks.
On 29/07/2016 06:13, asmar...@yahoo.com wrote:
Hi,
I am new to SSL stuff.
I was wondering whether the CA chain of a certificate can be changed.
Let's say the initial chain is
Server->Intermediate CA1->Intermediate CA2->Root CA
and during renewal we have Server->Root CA
Renewal creates a b
On 05.12.2015 20:20, Viktor Dukhovni wrote:
On Sat, Dec 05, 2015 at 07:55:50PM +0100, Walter H. wrote:
my website has an official SSL certificate, which I renewed this year to
have a SHA-256 certificate;
when I test my site with SSLLabs.com, I'm shown two certificate paths:
the first one:
my S
On Sat, Dec 05, 2015 at 07:55:50PM +0100, Walter H. wrote:
> my website has an official SSL certificate, which I renewed this year to
> have a SHA-256 certificate;
> when I test my site with SSLLabs.com, I'm shown two certificate paths:
>
> the first one:
> my SSL cert (SHA-256) sent by server
>
Hello,
my website has an official SSL certificate, which I renewed this year to
have a SHA-256 certificate;
when I test my site with SSLLabs.com, I'm shown two certificate paths:
the first one:
my SSL cert (SHA-256) sent by server (SHA1 Fingerprint:
0fae9fd23852fb834fe4f32d7d3c73714daa6aa9)
t
Hi,
> Thanks for your response. I'm sorry my question wasn't clearly defined
> (it was "will this file work correctly? If so, why?"), but you seem to
> have answered nonetheless, thank you.
>
> As a followup question, is there a way to include these certs in the way
> originally intended by the
Excellent, just what I was looking for and incidentally a source I can cite
to my client. Many thanks!
On 25 November 2013 17:24, Ralph Holz wrote:
> Hi,
>
>
> > Thanks for your response. I'm sorry my question wasn't clearly defined
> > (it was "will this file work correctly? If so, why?"), but
Hi Erwann,
Thanks for your response. I'm sorry my question wasn't clearly defined (it
was "will this file work correctly? If so, why?"), but you seem to have
answered nonetheless, thank you.
As a followup question, is there a way to include these certs in the way
originally intended by the mozill
Hello,
On 25/11/2013 17:14, Sassan Panahinejad wrote:
I am dealing with a CA certificate bundle, similar to this one:
https://github.com/twitter/secureheaders/blob/master/config/curl-ca-bundle.crt,
like the example, the one I am dealing with was automatically
generated from mozilla's cert
> From: owner-openssl-us...@openssl.org On Behalf Of Peter Lin
> Sent: Wednesday, 01 June, 2011 04:35
> I am having a similar problem here:
> For some reason I need to renew/extend an intermediate certificate
> within a chain. Without setting the old serial number, all it
I am having a similar problem here:
For some reason I need to renew/extend an intermediate certificate within a
chain. Without setting the old serial number, all its descending certs
verification will fail when using 'openssl verify'.
So the question is: Is there any way to issue a new signing certi
If this isn't resolved yet, can you post the contents of the old cert, new
cert and the user cert?
-Sandeep
On Fri, May 20, 2011 at 8:33 PM, Alex Bergmann wrote:
> Hi Erwann!
>
> On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
>
> "old" end-user certificates can only be verified by the "old" CA
>
Hi Erwann!
On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
"old" end-user certificates can only be verified by the "old" CA
certificate, of course (in case the CA is "renewed", with its key
changed, etc).
I didn't "renew" the CA certificate, I've used the existing private key
to create the new o
Hi Erwann!
On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
"old" end-user certificates can only be verified by the "old" CA
certificate, of course (in case the CA is "renewed", with its key
changed, etc).
I didn't "renew" the CA certificate, I've used the existing private key
to create the new
On 19 May 2011, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Erwann ABALEA
> > Sent: Thursday, 19 May, 2011 04:20
>
> > On 18 May 2011, Alex Bergmann wrote:
>
> > > The only way I found was to give the new Root Certificate the same
> > > ser
> From: owner-openssl-us...@openssl.org On Behalf Of Erwann ABALEA
> Sent: Thursday, 19 May, 2011 04:20
> On 18 May 2011, Alex Bergmann wrote:
> > The only way I found was to give the new Root Certificate the same
> > serial number as the previous one.
>
> That's forbidden by X.509 s
On 18 May 2011, Alex Bergmann wrote:
> On 05/18/2011 11:17 AM, Erwann ABALEA wrote:
> >Hello,
> >
> >On 18 May 2011, Jean-Ann GUEGAN wrote:
> >>Hi !
> >>
> >>It’s possible to renew a Certificate Authority or extend the date
> >> validity
> >>?
> >
> >These 2 op
On 05/18/2011 11:17 AM, Erwann ABALEA wrote:
Hello,
On 18 May 2011, Jean-Ann GUEGAN wrote:
Hi !
It’s possible to renew a Certificate Authority or extend the date validity
?
These 2 options are possible.
"Recertify" (i.e. sign the same certificate, but change the ser
Hello,
On 18 May 2011, Jean-Ann GUEGAN wrote:
>Hi !
>
>It’s possible to renew a Certificate Authority or extend the date validity
>?
These 2 options are possible.
"Recertify" (i.e. sign the same certificate, but change the serial
number and validity dates) is the least
25 matches