it will not be lost?
>
> On Tue, Aug 31, 2021 at 10:01 AM Brahmaji K wrote:
>
>> Hi Team,
>>
>> I'm trying to decode the RSA private key which was DER encoded earlier
>> without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
>> sam
as DER encoded earlier
> without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
> same openssl version for both encoding and decoding, encoding works fine
> but decode fails. In decode, we call EVP_PKEY2PKCS8() function, this is
> failing with below error:
>
> 4
Hi Team,
I'm trying to decode the RSA private key which was DER encoded earlier
without CRT components (p, q, dmp1, dmq1 and iqmp is NULL). I'm using the
same openssl version for both encoding and decoding, encoding works fine
but decode fails. In decode, we call EVP_PKEY2PKCS8() func
Hi,
While implementing my application with RSA, I came across this paper:
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
When I implement RSA private key operation with CRT, should I do an extra
verify operation suggested in the paper (section 1.3)? or is this handled
by OpenSSL already
On Tue Feb 17 2015 at 9:23:36 PM Jeffrey Walton wrote:
> > X509* crt = /* how to get my X509 out of the SSL_CTX */
>
> X509* cert = SSL_get_peer_certificate(ssl);
> if(cert) { X509_free(cert); }
>
> Its reference counted, so be sure to free it.
>
Thanks
Hi, Christian
17.02.2015, 12:55, "Christian Parpart" :
> I am rather new to OpenSSL development, but I'd like to integrate SSL
> communication in my little HTTP server.
> While this one is working so far, for SNI I actually need to read out the
> server certificates DNS name extenion and commonNa
> X509* crt = /* how to get my X509 out of the SSL_CTX */
X509* cert = SSL_get_peer_certificate(ssl);
if(cert) { X509_free(cert); }
Its reference counted, so be sure to free it.
Jeff
On Tue, Feb 17, 2015 at 4:47 AM, Christian Parpart wrote:
> Hey guys,
>
> I am rather ne
like:
SSL_CTX* ctx = SSL_CTX_new(TLSv1_2_server_method());
SSL_CTX_use_certificate_file(ctx, "/path/to/server1.crt",SSL_FILETYPE_PEM);
SSL_CTX_use_PrivateKey_file(ctx, "/path/to/server1.key", SSL_FILETYPE_PEM);
I need to somehow get a ptr to the X509 struct to do something like:
Two nits:
> From: owner-openssl-users On Behalf Of Viktor Dukhovni
> Sent: Monday, December 16, 2013 10:37
> On Mon, Dec 16, 2013 at 04:03:30PM +0100, lists wrote:
>
> > >I have a .pem file. Is there a way to get it converted into .crt
> > >and .key files usi
On Mon, Dec 16, 2013 at 04:03:30PM +0100, lists wrote:
> >I have a .pem file. Is there a way to get it converted into .crt
> >and .key files using openssl tool.
>
> ".pem" doesn't say much.
> If it is a file containing both the key and the certificate an
l Shriyan wrote:
Hi,
I have a .pem file. Is there a way to get it converted into .crt and
.key files using openssl tool.
__
OpenSSL Project http://www.openssl.org
User Suppo
Hi,
I have a .pem file. Is there a way to get it converted into .crt and .key
files using openssl tool.
Please suggest.
Regards,
Kaushal
>From: owner-openssl-us...@openssl.org On Behalf Of Kevin Jenkins
>Sent: Wednesday, 27 March, 2013 01:51
(previously: key&certs setup for Tomcat-apparently-with-APR)
>The default server.xml has
>
>I'll leave that in since it seems to be what I need
Looks good to me.
>http://www.digicert.com/ssl
Thank you Dave. This is all new to me so your information is really helpful.
Regarding your response:
My files are in pem format.
The default server.xml has
I'll leave that in since it seems to be what I need
http://www.digicert.com/ssl-support/pem-ssl-creation.htm talks about how to
concatena
>From: owner-openssl-us...@openssl.org On Behalf Of Kevin Jenkins
>Sent: Tuesday, 26 March, 2013 21:53
>I'm a new user and am confused on how to generate .crt and .pem file.
>I am using Apache Tomcat with OpenSSL.
>I have a domain with a DNS entry pointing to the IP of m
Hi all.
I'm a new user and am confused on how to generate .crt and .pem file. I am
using Apache Tomcat with OpenSSL.
I have a domain with a DNS entry pointing to the IP of my webserver. Their
support have given me 3 files
intermediate.txt -> intermediate certificate?
mileston
On 01/02/2013 11:45 PM, Dave Thompson wrote:
From: Robert Moskowitz [mailto:r...@htt-consult.com]
Sent: Wednesday, 02 January, 2013 12:12
As I indicated, part of my problem is the default ssl.conf for apache
points to localhost.crt (built at firstboot) and I changed my hostname
which does not ch
> From: Robert Moskowitz [mailto:r...@htt-consult.com]
> Sent: Wednesday, 02 January, 2013 12:12
> As I indicated, part of my problem is the default ssl.conf for apache
> points to localhost.crt (built at firstboot) and I changed my hostname
> which does not change the localhost cert. But the
As I indicated, part of my problem is the default ssl.conf for apache
points to localhost.crt (built at firstboot) and I changed my hostname
which does not change the localhost cert. But the BasicConstraints
problem is still needed to work out.
On 12/31/2012 07:18 PM, Dave Thompson wrote:
Fr
> From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
> Sent: Monday, 31 December, 2012 17:02
> I am running on Centos 6.3 where it looks like Openssl is 1.0.0-25
>
> I am creating my cert with:
>
> openssl req -new -outform PEM -out certs/test.htt-consult.com.crt
> -newkey rsa:
I had changed my hostname for the system, and that does not produce a
new localhost.crt, so the message was from this cert content and the
ssl.conf reference to the localhost.crt Grumble, Grumble.
As for the '/' in the report of cert content, this seems to be a 'bug'
in how the DN is displaye
Hello,
I am running on Centos 6.3 where it looks like Openssl is 1.0.0-25
I am creating my cert with:
openssl req -new -outform PEM -out certs/test.htt-consult.com.crt
-newkey rsa:2048 -nodes -keyout private/test.htt-consult.com.key
-keyform PEM -days 3650 -x509
This prompts me for the cont
06:27:15 PM:
> Ajay Garg
> Sent by: owner-openssl-us...@openssl.org
>
> 03/23/2012 06:30 PM
>
> Please respond to
> openssl-users@openssl.org
>
> To
>
> openssl-users@openssl.org
>
> cc
>
> Subject
>
> Re: Query in "EVP_PKEY_cmp"
t; owner-openssl-us...@openssl.org
>
> Subject
>
> Re: Query in "EVP_PKEY_cmp" for a particular value of ".crt" and ".key"
>
> Thanks Marek for the reply.
>
> I hope that it is ok if the key and cert files are with ".key&qu
Thanks Marek for the reply.
I hope that it is ok if the key and cert files are with ".key" and ".crt"
extensions (instead of pem).
If yes, then fortunately (or unfortunately)
Hello,
owner-openssl-us...@openssl.org wrote on 03/23/2012 03:10:47 PM:
> Ajay Garg
> Sent by: owner-openssl-us...@openssl.org
>
> Hi all.
>
> I have been trying lately to debug a startup issue in APACHE's httpd
service; and the
> last logs I receive in "/etc/httpd/logs_error_log" is
ot;X509 *x, EVP_PKEY *k" correspond to_ ?
My guess is that "x" corresponds to a ".crt" file, while "k" corresponds to
a "key" file.
The values at my side are ::
ssl.crt
-
##
rbrahmaa wrote:
>
> Hi All,
>
> I am entirely new to OpenSSL, 0% knowledge of this.
>
> My Requirement is to Parse the *.crt extension certificate and extract all
> the details like issuer, public key,validity details,serial
> no,OU,O,C,Signature Algorithm,subject
Hi All,
I am entirely new to OpenSSL, 0% knowledge of this.
My Requirement is to Parse the *.crt extension certificate and extract all
the details like issuer, public key,validity details,serial
no,OU,O,C,Signature Algorithm,subject and display same on the screen for
user through C
CRL can only revoke a CRT, not unrevoke, right?
Yes, it can. A CRL is a "present state" of revoked certificates.
Remove a certificate's serial number from a CRL, it is no longer
revoked.
A root CA can not be revoked, that's all. Think of revocation as an
automatic way to suspen
lokks like this:
>
> R 191122112605Z 100607152858Z 0B unknown
> /C=DE/ST=BY/O=xxx/OU=Ben Zuhause/CN=Ben Zuhause/Email=xxx
>
> Regards
>
> Daniel
>
>
>
> >
> >
> > Citējot *Daniel Spannbauer
> <mailto:d...@marco.de>
he entry in index.txt lokks like this:
R 191122112605Z 100607152858Z 0B unknown
/C=DE/ST=BY/O=xxx/OU=Ben Zuhause/CN=Ben Zuhause/Email=xxx
Regards
Daniel
>
>
> Citējot *Daniel Spannbauer <mailto:d...@marco.de>*:
>
> Hello,
>
> I use self-sign
If that CRL is trying to revoke that root certificate, what in that
CRL could ber forged?
CRL can only revoke a CRT, not unrevoke, right?
I know, that when revoking a certificate, CRL is signed by
certificate issuer (CA),
is there a reason, why a (small) CRL could not be signed by
.
Erik Tkal
Juniper OAC/UAC/Pulse Development
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of y...@inbox.lv
Sent: Monday, July 18, 2011 2:10 PM
To: openssl-users@openssl.org
Subject: Re: revoking crt
is that really a
why. (CRL could be signed by
certificates own key).
Citējot *Daniel Spannbauer [1]*:
> Hello,
>
> I use self-signed certificates for my VPN. Now, I try to revoke a
> crt.
> I called: openssl ca -revoke edge.crt -config vpn.conf
> But I get the error:
> "ERROR:name
Hello,
I use self-signed certificates for my VPN. Now, I try to revoke a crt.
I called: openssl ca -revoke edge.crt -config vpn.conf
But I get the error:
"ERROR:name does not match /C=DE/ST=BY/O=xxx/OU=edge am/CN=edge
am/emailAddress=xxx"
The header of the crt:
Certificate
Yes, that was the case. It was power -1 instead of subtract. Java BigInteger
has a function modInverse that does the required work for me. Now got it loaded
onto the smart card.
--- On Wed, 15/12/10, Kannan J wrote:
From: Kannan J
Subject: Re: How to compute crt coefficient (PQ) value
On Wed, Dec 15, 2010 at 12:58 AM, Victor Duchovni
wrote:
> On Tue, Dec 14, 2010 at 09:46:11PM -0800, Kannan J wrote:
>
>> I'm copying and pasting the text from the smart card guide. It is too
> big to attach.
>
> Please use plain-text (non-HTML) email when sending mail to lists.
Agreed.
>> The fo
e exponents and
> coefficients. It mentions "Enter CRT coefficient (qInv)*: qInv = q-1 mod p "
> I wonder if the smart card user guide might have printed P-1 instead of P-1.
> Even so I don't know how such a small real number obtained after taking the
> inverse can be a big inte
hich accepts prime values and generates the rest of the exponents and
> coefficients. It mentions "Enter CRT coefficient (qInv)*: qInv = q-1 mod p
> "
> I wonder if the smart card user guide might have printed P-1 instead of P-1.
>
> Even so I don't know how such a s
On Tue, Dec 14, 2010 at 09:46:11PM -0800, Kannan J wrote:
> I'm copying and pasting the text from the smart card guide. It is too
big to attach.
Please use plain-text (non-HTML) email when sending mail to lists.
> The following convention applies for the P, Q, DP1, DQ1, and PQ parameters:
> P is
>From my relentless search on the internet I hit upon this webpage
>http://www.mobilefish.com/services/rsa_key_generation/rsa_key_generation.php
which accepts prime values and generates the rest of the exponents and
coefficients. It mentions "Enter CRT coefficient (qInv)*: qInv = q-
d, 15/12/10, Victor Duchovni wrote:
From: Victor Duchovni
Subject: Re: How to compute crt coefficient (PQ) value of a private key?
To: openssl-users@openssl.org
Date: Wednesday, 15 December, 2010, 10:08 AM
On Tue, Dec 14, 2010 at 07:30:33PM -0800, Kannan J wrote:
> I have a private key tha
On Tue, Dec 14, 2010 at 07:30:33PM -0800, Kannan J wrote:
> I have a private key that I need to load onto the smart card.
> The PIV User Guide says PQ = P-1 mod Q
Instead of re-interpreting it is best to provide a direct reference,
or at least an unedited quote of the specificied requirements wi
I have a private key that I need to load onto the smart card.
The prime P value used being
00CC11DBABBC3648BF4C3800DD73C769580D60B8F45BA41210674FCFB6EDE6C604FD20FBD0EC3125BB9A116238CE4900A0308155971AB606CFB9945551B519ED6F
And the prime Q value being
00DF613AEA2FF8438C58766639DCED24D9BCBAF75926734
On Tue, Oct 05, 2010, colombus wrote:
>
> Hi
> I tried and I am getting following output
> openssl x509 -inform PEM -in online.crt -noout -text > text.txt
> unable to load certificate
> 844:error:0906D06C:PEM routines:PEM_read_bio:no start
> line:.\crypto\pem\pem_lib.
> c:650:Expecting: TRUSTED C
re
>> filed etc. I want extract these details from the file I need to know what
>> type of file is online.crt Is there any open SSL command to find or
>> verify
>> it ??
>
> openssl x509 -inform DER -in online.crt -noout -text
>
> OR if the CRT file looks like some
there any open SSL command to find or verify
it ??
openssl x509 -inform DER -in online.crt -noout -text
OR if the CRT file looks like some text with a lot of at the top:
openssl x509 -inform PEM -in online.crt -noout -text
verify
it ??
--
View this message in context:
http://old.nabble.com/Require-help-to-understand-a-.crt-file-tp29883887p29883887.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
signature (by the same or a
different public key) on all these facts. The certificate may be stored
with the private key in a PKCS12 file (extension .pfx or .p12) with the
other two parts (mostly some Microsoft programs need this), in an
unencrypted DER file (extension .crt or .cer) (only Microsoft IIS
DER
certificate?
No where on any website does it say WHEN to use one type of certificate
or just a key?
Apache httpd.conf files will reference both .key and .crt files in their
syntax; isn't the .crt a PEM-encoded certificate file? If so, why not
give it a more meaningful .pem extension ins
> From: owner-openssl-us...@openssl.org On Behalf Of Dylan Martin
> Sent: Tuesday, 15 September, 2009 13:42
> Hi all, I need to connect to an LDAP server with a self-signed cert.
> I cannot get s_client to verify OK.. I have gathered the
> server cert by running s_client and then copying the ser
Hi all, I need to connect to an LDAP server with a self-signed cert.
I cannot get s_client to verify OK.. I have gathered the server cert
by running s_client and then copying the server cert out of the output
from s_client. Then I run s_client with the -CAfile option pointed to
that file and it s
ion. I got out put
> but it displayed in command window. But I want to save it in form of file
> .crt. Please advice me on that also.
>
>
> Thank you.
>
> Regards,
>
> --Ajeet Kumar Singh
>
>
>
> Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve B
.crt. Please advice me on that also.
Thank you.
Regards,
--Ajeet Kumar Singh
Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve Bhadrani Pashyantu , Maa
Kaschit Dukha Bhagh Bhavet
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL
Dear All;
Thank you Marek Marcola for your help.I tried your suggestion. I got out put
but it displayed in command window. But I want to save it in form of file
.crt. Please advice me on that also.
Thank you.
Regards,
--Ajeet Kumar Singh
Sarve Bhavantu Sukhina ,Sarve Santu NiramayaSarve
Hello,
[EMAIL PROTECTED] wrote on 09/24/2008 03:19:20 PM:
> Dear All,
> Thank you Vineeta for your help.
> >hi..
> >you can simply rename the .pem format to .crt. It will work fine..
> As above you mention conversion from .pem to .der but .PEM format
having
> only certi
Dear All,
Thank you Vineeta for your help.
>hi..
>you can simply rename the .pem format to .crt. It will work fine..
As above you mention conversion from .pem to .der but .PEM format having
only certificate having like given below:
-BEGIN CERTI
hi..
you can simply rename the .pem format to .crt . It will work fine..
On Wed, Sep 24, 2008 at 3:12 PM, Ajeet kumar.S
<[EMAIL PROTECTED]> wrote:
> Hi All,
>
>Can we convert .der to .crt file? Please suggest me. How we can
> convert it using open ssl?
>
Hi All,
Can we convert .der to .crt file? Please suggest me. How we can
convert it using open ssl?
Thank you.
Regards,
--Ajeet Kumar Singh
<>
Hi there;
On June 3, 2008 11:37:19 am staggerwing wrote:
> Hello,
>
> I have installed OpenSSL on Windows and I want to create a CRT certificate
> for client authentication purposes. I want specific clients to
> authenticate against a Windows 2003 web server.
>
> Windows 2
Hello,
I have installed OpenSSL on Windows and I want to create a CRT certificate
for client authentication purposes. I want specific clients to authenticate
against a Windows 2003 web server.
Windows 2003 CA does not allow me to create a CRT certificate but only CER.
The customer is using an
> My program has a CSR in DER format, and the CA private key, and needs
> to generate a CRT in DER format. The CA key is DSA, the CSR may be from
> a DSA or RSA key.
>
> Now, it seems that all documentation I was able to google shows how to
> do that using the openssl comm
Hi,
My program has a CSR in DER format, and the CA private key, and needs
to generate a CRT in DER format. The CA key is DSA, the CSR may be from
a DSA or RSA key.
Now, it seems that all documentation I was able to google shows how to
do that using the openssl command line tool, but there'
Hello Friend,
I m using stunnel in my project , that uses the certificates developed by
openssl..
what I need is to allow two or more process to generate the certificates
simultaneously.
So please provide me information regarding this that whether openssl allows
it?
What the error mes
Hello,
> > Thank you for reading my post
> > I have signed a private key using open ssl, the command i used is like:
> >
> > openssl ca -out server.crt -infiles server.csr
> >
> > now when i try to import it into keystore.jks using java keytool it return
> > an error like:
> >
> >
> > keytool
; can you please tell me what is wrong?
>
>
>
> thanks
>
>
Any comment for me?
--
View this message in context:
http://www.nabble.com/openSSL-generated-crt-file-return-error-when-i-want-to-import-it-using-keytool-tf3525615.ht
Title: subject in csr different from crt ?
Hello,
I am creating certs using the following commands:
openssl req -days 3650 -nodes -new -keyout $cName.key -out $cName.csr -config $KEY_CONFIG -subj /countryName=CA/stateOrProvinceName=AB/localityName=Calgary/organizationName=Domain.com
On Tue, Mar 30, 2004, Johann Normann wrote:
> Hi.
>
> Does anyone know the commands to export the root certificate to a
> DER-encoded binary file with the .crt ending?
> I run openssl on a Windows 2000 server.
>
The root certificate of what? Do you mean one in Win2k
Hi.
Does anyone know the commands to export the root certificate to a
DER-encoded binary file with the .crt ending?
I run openssl on a Windows 2000 server.
Johann Normann
__
OpenSSL Project
Hi all,
I'm using openssl command line tool to generate key pairs and the
associated certificate. I need to use them inside a smart card. However,
the card I have only support RSA CRT private key instead of RSA private
key. Is openssl able to generate RSA CRT private key? Is there a w
+
+Cross-Certificate+TestCA2-1
The client browser has only RootCA1's certificate installed. Thus a test
would be successful, if a certificate chain built from cat >>
TestCA2-1.crt >> RootCA2.crt >> Crosscertificate >> RootCA1 (not needed
actually) w
Hi,
I went to VeriSign site to get a trial certificate.
They gave me .crt certificate file. When I use that
file as an input to the function
SSL_CTX_use_certificate_file
What type should I give as a third parameter. I gave
SSL_FILETYPE_PEM. But it does not work.
Any hints...
-- nilesh
Hi, all
After test my SSL server with self-signed certificate, now I have
bought one from verisign, but when I override old .crt with new .crt,
I can not start my server again, the error msg is show below, can
u tell me the reason, thanks in advance.
[Fri Mar 23 14:13:55 2001] [error] mod_ssl
Date sent: Fri, 19 Jan 2001 20:01:53 +
From: Dr S N Henson <[EMAIL PROTECTED]>
Organization: S N Henson
To: [EMAIL PROTECTED]
Subject:Re: Win32 CA signed Apache Server-Netscape .CRT Problem
Send re
m with a self generated/self
> signed ca crt and key. I then transfer the resulting server.key and
> server.csr to the Unix workstation and place in:
>
> /usr/local/apache/ssl.crt/server.crt
> /usr/local/apache/ssl.key/server.key
>
> I start up the Apache server, then use the
From: "Jennifer Arden" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject:RE: Win32 CA signed Apache Server-Netscape .CRT Problem
Date sent: Fri, 19 Jan 2001 13:21:20 -0500
Send reply to: [EMAI
Server-Netscape .CRT Problem
Date sent: Fri, 19 Jan 2001 17:24:55 +
From: Dr S N Henson <[EMAIL PROTECTED]>
Organization: S N Henson
To: [EMAIL PROTECTED]
Subject:Re: Win32 CA signed Apache Server-Netscap
Date sent: Fri, 19 Jan 2001 17:24:55 +
From: Dr S N Henson <[EMAIL PROTECTED]>
Organization: S N Henson
To: [EMAIL PROTECTED]
Subject:Re: Win32 CA signed Apache Server-Netscape .CRT Problem
Send re
"Kenneth R. Robinette" wrote:
>
> Problem:
>
> An Unix Apache/mod-ssl server .crt/.key pair
> generated from a .csr/.key signed by a self
> generated CA Cert on 32 bit Windows will not work
> with the Netscape 4.72 client running on Linux
> Redhat 6.2.
>
&
Problem:
An Unix Apache/mod-ssl server .crt/.key pair
generated from a .csr/.key signed by a self
generated CA Cert on 32 bit Windows will not work
with the Netscape 4.72 client running on Linux
Redhat 6.2.
However the same .csr/.key signed by the same
self generated CA Cert on Redhat 6.2
Problem:
An Unix Apache/mod-ssl server .crt/.key pair generated from a
CSR/KEY signed by a self generated CA Cert on 32 bit Windows
will not work with the Netscape 4.72 client running on Linux Redhat
6.2.
However the same CSR/KEY signed by the same self generated CA
Cert on Redhat 6.2 Linux
Thanks everyone for the help about .Crt
Aaron
- Original Message -
From: "Massimiliano Pala" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 27, 2000 6:22 PM
Subject: Re: .CRT
> > Aaron Galea wrote:
> >
> > Hi,
>
>
&
> Aaron Galea wrote:
>
> Hi,
Hi,
> Does anyone know how to read a .crt certificate? Reading .pem, .cer and .der
> no problem but I can't figure out how to read a .crt certificate.
The file extension does not reveal the file format... a .crt file could be
any format of th
Hi all,
Netscape Communicator just knows PKCS#12-formatted certificates (files .p12)
and not the .crt generated by 'openssl ca'. Does anyone knows how to convert
one to the other ? How does 'openssl ca' and 'openssl pkcs12' work, actually
? I couldn't find any
MJ wrote:
>
> I have gotten a test key and saved it a text file.. what do I do to tell
> apache-ssl to start using this crt and key?
wrong list... please look at:
http://www.apache-ssl.org/#Mailing_List
cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Di
86 matches
Mail list logo
