RE: CA/Server configuration

2022-10-03 Thread Michael Wojcik via openssl-users
by definition.) > then its bar.conf must answer both sets of questions at the same time! Why? Creating a CSR and generating the certificate for it are separate operations. bar's configuration is used in creating the CSR. foo's is used in generating the certificate. > For insta

Re: CA/Server configuration

2022-10-02 Thread Dmitrii Odintcov
subordinate. > (We never intend to publish as RFC, but preferred ID format) > They are at: >https://github.com/mcr/draft-moskowitz-ecdsa-pki-1 >https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-10 >https://github.com/rgmhtt/draft-moskowitz-eddsa-pki > >

Re: CA/Server configuration

2022-09-30 Thread Michael Richardson
as RFC, but preferred ID format) They are at: https://github.com/mcr/draft-moskowitz-ecdsa-pki-1 https://datatracker.ietf.org/doc/html/draft-moskowitz-ecdsa-pki-10 https://github.com/rgmhtt/draft-moskowitz-eddsa-pki > Secondly, how is the absence of a configuration field/section/extension

RE: CA/Server configuration

2022-09-29 Thread Lynch, Pat
things much easier. You can find it here: https://github.com/OpenVPN/easy-rsa Now to address your questions… First, -config allows you to specify a configuration file to use for the operation – from the OpenSsl documentation: (https://www.openssl.org/docs/man1.1.1/man1/openssl.html) Many

CA/Server configuration

2022-09-29 Thread Cyprus Socialite
Hello I am looking to clarify some conceptual and practical questions I've accumulated while trying to configure a private 'Root CA - Intermediate CA - Server' setup. Most of my confusion revolves around the configuration of the Intermediate CA due to its role as both a requester

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-16 Thread Richard Dymond
On Tue, 15 Feb 2022 at 09:53, Tomas Mraz wrote: > Please note that there are two checksums in the configuration file. One > of them is the FIPS module checksum and the other is the checksum of > the configuration. You can copy the file across machines if it is > without the c

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-15 Thread Tomas Mraz
Please note that there are two checksums in the configuration file. One of them is the FIPS module checksum and the other is the checksum of the configuration. You can copy the file across machines if it is without the configuration checksum - that means the selftest will be always run when the

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
stall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install.  Copying the configuration file across avoids the self tests and therefore isn't compliant. Pauli On 15/2/22 02:25, Richard Dymond wrote: Hi Probably a dum

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
h the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install.  C

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Thomas Dwyer III
ns the self tests before generating the > configuration file. If the self tests fail, the module doesn't install. > Copying the configuration file across avoids the self tests and therefore > isn't compliant. > > > Pauli > > > On 15/2/22 02:25, Richard Dymond wr

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Ma Ar
standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't install.  Copying the configuration file a

Re: OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Dr Paul Dale
Yes, this has to do with the FIPS standards.  I forget which standard it is but the self tests are mandated to be run on each device independently. The fipsinstall process runs the self tests before generating the configuration file.  If the self tests fail, the module doesn't in

OpenSSL 3.0 FIPS module configuration file

2022-02-14 Thread Richard Dymond
Hi Probably a dumb question, but why must the FIPS module configuration file for OpenSSL 3.0 be generated on every machine that it is to be used on (i.e. must not be copied from one machine to another)? I just ran 'openssl fipsinstall' on two different machines with the same FIPS mod

RE: configuration options 'fips' and 'makedepend' disabled by default on master

2021-04-29 Thread Dr. Matthias St. Pierre
request, the 'makedepend' option remains enabled by default. Matthias https://github.com/openssl/openssl/pull/15050 > -Original Message- > From: openssl-users On Behalf Of Dr. > Matthias St. Pierre > Sent: Tuesday, April 27, 2021 9:50 PM > To: openssl-users@

configuration options 'fips' and 'makedepend' disabled by default on master

2021-04-27 Thread Dr. Matthias St. Pierre
Just a short heads-up to all users testing and developing for OpenSSL 3.0: The defaults for the configuration options 'fips' and 'makedepend' are going to change on the master branch soon (i.e., before the release of 3.0.0 alpha16): they will be disabled by default. If your d

Static vs dynamic engine configuration

2020-10-26 Thread Brett Stahlman
Hello, I noticed that although the docs generally refer to the capi engine as "builtin", it doesn't appear to be linked statically with openssl, and is actually being loaded by the dynamic engine mechanism. I believe this is because the OPENSSL_NO_STATIC_ENGINE flag is being set by Configure. The o

Re: Missing enable-tlsext configuration

2019-08-28 Thread Matt Caswell
On 28/08/2019 13:46, Dan Heinz wrote: > We're moving from the 1.0.x branch to the 1.1.1 branch of OpenSSL. When > building OpenSSL 1.1.1c, I get an error that there is not an enable-tlsext > configuration parameter. I can't seem to find any information on when or why >

s_server configuration

2019-07-15 Thread Steven Madwin via openssl-users
Hi All, I’m trying to get an OCSP server operating in an SSL (really TLS1.2) environment. It works fine in the HTTP world, but I’m having issues with getting s_server to handle the communication in the Secure HTTPS world. If anyone has any suggestions to get the connection to persist I’

Re: [openssl-users] renegotiation expected to fail when trust configuration has changed.

2018-11-22 Thread Matt Caswell
On 22/11/2018 15:58, Pfluegl, Andreas wrote: > > I expect server_parse_cb() returning 0 to cause the interruption of the > connection. > > Can you confirm this? Yes. According to the docs: "If the B considers the extension data acceptable it must return 1. If it returns 0 or a negative valu

[openssl-users] renegotiation expected to fail when trust configuration has changed.

2018-11-22 Thread Pfluegl, Andreas
Hi, We have a C++ client application and a C++ server application using OpenSSL 1.1.0f to encrypt the TCP/IP communication. We enforce mutual authentication (also the server requests certificates from the clients and verifies if they are issued by a CA it trusts). We are able to update certif

[openssl-users] Question regarding TLS renegotiation and configuration of Openssl ssl context

2017-11-09 Thread Silverman, Ariel
Dear Openssl Gurus, I am facing the following problem, I am required to create an SSL client that talks (TLSv1.2, TLSv1.1 and TLSv1.0) against 3 different types of servers, one talks TLSv1.2 only (server_12) , one TLSv1.1 only (server_11) and one TLSv1.0 only (server_10) The way I am configur

Re: [openssl-users] Engine configuration

2017-10-04 Thread Jakob Bohm
On 04/10/2017 19:28, Dmitry Belyavsky wrote: Dear Stephen, On Tue, Oct 3, 2017 at 12:16 AM, Dr. Stephen Henson wrote: On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: Hello, I have a question regarding engine configuration. We need to implement such behaviour: - on load the engine is

Re: [openssl-users] Engine configuration

2017-10-04 Thread Dmitry Belyavsky
Dear Stephen, On Tue, Oct 3, 2017 at 12:16 AM, Dr. Stephen Henson wrote: > On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: > > > Hello, > > > > I have a question regarding engine configuration. > > > > We need to implement such behaviour: > > - on load

Re: [openssl-users] Engine configuration

2017-10-02 Thread Dr. Stephen Henson
On Mon, Oct 02, 2017, Dmitry Belyavsky wrote: > Hello, > > I have a question regarding engine configuration. > > We need to implement such behaviour: > - on load the engine is configured with the commands from config file, but > the values can be overwritten via environm

[openssl-users] Engine configuration

2017-10-02 Thread Dmitry Belyavsky
Hello, I have a question regarding engine configuration. We need to implement such behaviour: - on load the engine is configured with the commands from config file, but the values can be overwritten via environment - application can change the engine's configuration via ENGINE_ctrl_s

Re: [openssl-users] [ssllabs-discuss] Apache configuration

2017-07-20 Thread Jakob Bohm
On 20/07/2017 21:06, Tom Browder wrote: On Thu, Jul 20, 2017 at 1:57 PM, Reindl Harald wrote: Am 20.07.2017 um 18:02 schrieb Tom Browder On Thu, Jul 20, 2017 at 10:54 AM, Reindl Harald wrote ... P.S. Of course the other part of my motivation in the past has been to see if it can be made to

Re: [openssl-users] [ssllabs-discuss] Apache configuration

2017-07-20 Thread Tom Browder
On Thu, Jul 20, 2017 at 2:14 PM, Reindl Harald wrote: ... > before having the cluster 2015 in VMware EVC matching sandybridge i thought > "well, the hardware is capable" but VMware filtered out AVX instructions and > everything using openssl crashed with "illegal cpu instruction" which proved > the

Re: [openssl-users] [ssllabs-discuss] Apache configuration

2017-07-20 Thread Tom Browder
On Thu, Jul 20, 2017 at 1:57 PM, Reindl Harald wrote: >>> Am 20.07.2017 um 18:02 schrieb Tom Browder On Thu, Jul 20, 2017 at 10:54 AM, Reindl Harald wrote ... >> P.S. Of course the other part of my motivation in the past has been >> to see if it can be made to work, regardless of need

Re: [openssl-users] CONF-less OpenSSL configuration?

2016-11-16 Thread Dan S
internal file structure of iOS app is well defined with API to access the directories without any hacks (I assume you weren't looking to access a directory outside of your app) https://developer.apple.com/library/content/documentation/FileManagement/Conceptual/FileSystemProgrammingGuide/FileSystem

[openssl-users] CONF-less OpenSSL configuration?

2016-11-16 Thread Jeffrey Walton
Is it possible to setup a CONF-less OpenSSL? If so, how? The use case is mobile apps, like Android, iOS and Windows Phone. There is no OPENSSLDIR per se; and the app's install directory will be a moving target like a UUID. I know hacks can be applied for iOS, like forgoing a macro and returning N

[openssl-users] Minimum openssl configuration for ssl/tls smtp email support?

2016-07-11 Thread David F.
Hi, What configuration parameters (NO-XXX) should be passed for the openssl library to be built to support standard TLS/SSL required for sending emails through the public smtp servers but at the least amount of code needed. I have it working (only calls a few BIO_ and/or SSL_ functions) but

[openssl-users] OpenSSL configuration file problems

2016-05-30 Thread danigrosu
Hi everyone. My intention is to modify the openssl.cnf file in order to add a new RSA ENGINE, dynamically. I have found the /etc/ssl/openssl.cnf file and after my modifications it looks like this: # # OpenSSL example configuration file

[openssl-users] Enable FIPS mode of OpenSSL by changing the configuration file, will it work for Python as well?

2015-09-16 Thread security veteran
appreciated. .. # Default appname: should match "appname" parameter (if any) # supplied to CONF_modules_load_file et al. openssl_conf = openssl_conf_section [openssl_conf_section] # Configuration module list alg_section = evp_sect [evp_sect] # Set to "yes" to enter FI

Re: Auto Session Resumption Configuration

2014-02-28 Thread Viktor Dukhovni
the in-memory cache and/or use the callbacks to read/write session objects (keyed by session-id) from/to a shared external cache. For clients, you load the session yourself before calling SSL_connect() when you think you're connecting to the same server. > Is there same configuration

Auto Session Resumption Configuration

2014-02-28 Thread Jin Jiang
re is configuration for renegotiation timer to initiate renegotiation request from server and client sides both. (BIO_set_ssl_renegotiate_timeout) Is there same configuration for session resumption? And usually it is the client side to initiate the session resumption request via inserting old session ID i

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-14 Thread Walter H.
On 14.12.2013 00:00, Dr. Stephen Henson wrote: How are you disabling RSA key exchange? by setting all ciphers beginning with RSA to no in FF If you disable RSA for authentication too you'll hit problems if you don't have a non-RSA certificate. So for example: ECDHE-ECDSA-3DES-EDE-SHA needs a

RE: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Walter H. > The server is capable of ciphers DHE-* and others; > the list is quite longer than the available ciphers of the client ..., > so I think this is quite strange ... > > openssl ciphers -V >

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Dr. Stephen Henson
On Fri, Dec 13, 2013, Walter H. wrote: > On 13.12.2013 21:16, andrew cooke wrote: > >well, i realised i couldn't answer the question seriously... what is > >ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to > >google chrome and firefox accepting it (a grep of openssl 1.0.

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread andrew cooke
well, not really, because in practice the name has to match, so you are stuck (as the earlier answer says). i guess the answer is somewhere in the nss code... andrew On Fri, Dec 13, 2013 at 10:04:52PM +0100, Walter H. wrote: > On 13.12.2013 21:16, andrew cooke wrote: > >well, i realised i cou

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Walter H.
On 13.12.2013 21:16, andrew cooke wrote: well, i realised i couldn't answer the question seriously... what is ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to google chrome and firefox accepting it (a grep of openssl 1.0.1e fails to find it). does any server actually p

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread andrew cooke
well, i realised i couldn't answer the question seriously... what is ECDHE-ECDSA-3DES-EDE-SHA ? the only reference i can find on the web is to google chrome and firefox accepting it (a grep of openssl 1.0.1e fails to find it). does any server actually provide it? if so, what mode does it use (

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Erwann Abalea
Don't regret it, it wasn't that bad ;) -- Erwann ABALEA Le 13/12/2013 20:39, andrew cooke a écrit : sorry, that was a bad joke i now regret sending. andrew On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote: it dpends how many characters differ when sorted. in this case: ECDHE-EC

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread andrew cooke
sorry, that was a bad joke i now regret sending. andrew On Fri, Dec 13, 2013 at 04:01:23PM -0300, Andrew Cooke wrote: > > it depends how many characters differ when sorted. > > in this case: > > ECDHE-ECDSA-DES-CBC3-SHA -> 3AABDDDHHSSS >* *** **

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread andrew cooke
it depends how many characters differ when sorted. in this case: ECDHE-ECDSA-DES-CBC3-SHA -> 3AABDDDHHSSS * *** ** ECDHE-ECDSA-3DES-EDE-SHA -> 3AACCEEHHSSS you can see (marked by *) that 6 characters don't match. now 6 is a triangular

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Erwann Abalea
Le 13/12/2013 19:30, Walter H. a écrit : On 12.12.2013 14:16, Erwann Abalea wrote: It's not strange. You removed the RSA-* from client side, the result is that the server can't match anything in common between what the client proposed and what the server accepts. The error you get has been sen

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-13 Thread Walter H.
On 12.12.2013 14:16, Erwann Abalea wrote: It's not strange. You removed the RSA-* from client side, the result is that the server can't match anything in common between what the client proposed and what the server accepts. The error you get has been sent by the server. The server is capable

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-12 Thread Erwann Abalea
It's not strange. You removed the RSA-* from client side, the result is that the server can't match anything in common between what the client proposed and what the server accepts. The error you get has been sent by the server. -- Erwann ABALEA Le 11/12/2013 22:34, Walter H. a écrit : Hello,

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-11 Thread Walter H.
Hello, Thanks for your reply; Very strange in FF when I disable the use of the RSA-* Ciphersuites in FF, then I get the following error Secure Connection failed Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) the certificat

Re: [openssl-users] Somewhat conflicting configuration and strange behaviour

2013-12-11 Thread Erwann Abalea
Bonjour, The certificate specifies "digitalSignature" as its sole key usage. That means the certified key can only be used to sign data, and not perform any decrypt operation. If your server+client are negotiating a (EC)DHE-RSA-* ciphersuite, that's OK because the server's RSA private key wil

Somewhat conflicting configuration and strange behaviour (was: SELinux prevents running squid 3.3.11 on CentOS 6.5)

2013-12-11 Thread Walter H.
Hello Eliezer Croitoru, this is also to the OpenSSL mailing list, because can someone verify that the CA certificate and the SSL certificate fit together - the last section of this mail. (of course I can do this by myself, but here I want to opinion of a 3rd party) I have the solution that wo

Clang/LLVM and Building with a Debug Configuration?

2013-07-16 Thread Jeffrey Walton
Hi All, I'm trying to run OpenSSL through Clang's scan-build (http://clang-analyzer.llvm.org/scan-build.html). According to the page, I should be configuring and building a debug configuration (both through scan-build). Does OpenSSL supply a 'generic' debug configuration?

QT .pro file configuration

2013-03-22 Thread Jevin Sonut
Can someone plz tell the content of the QT .pro file where we link the library of OpenSSL to QT hope someone is using QT and openssl out here ?? thanks in advance -- From:- Shanil J.S

Re: openssl-user - UTF8 characters in configuration file

2013-03-18 Thread rasmussj
mussen IBM DataPower From: Viktor Dukhovni To: openssl-users@openssl.org, Date: 03/15/2013 12:06 PM Subject: Re: openssl-user - UTF8 characters in configuration file Sent by:owner-openssl-us...@openssl.org On Fri, Mar 15, 2013 at 09:44:13AM +0100, Zbyněk Krej

Re: openssl-user - UTF8 characters in configuration file

2013-03-15 Thread Viktor Dukhovni
On Fri, Mar 15, 2013 at 09:44:13AM +0100, Zbyněk Krejčík wrote: > I tried this some 2yrs ago what seemed to work (at least wins showed the > strings in cert correctly) > > in > [ req ] > ... > distinguished_name= req_distinguished_name > attributes= req_attributes > string_mask

RE: openssl-user - UTF8 characters in configuration file

2013-03-15 Thread Zbyněk Krejčík
-out utf8req.pem Date: Thu, 14 Mar 2013 15:35:42 -0400 Subject: RE: openssl-user - UTF8 characters in configuration file > Hi Rich! > > Glad to hear from you and hope all is well! > > Thanks for the tip, but I haven't cracked this nut yet. I've tried several > permuta

RE: openssl-user - UTF8 characters in configuration file

2013-03-14 Thread rasmussj
rking. Cheers John From: "Salz, Rich" To: "openssl-users@openssl.org" , Cc: "owner-openssl-us...@openssl.org" Date: 03/14/2013 12:53 PM Subject:RE: openssl-user - UTF8 characters in configuration file Sent by:owner-openssl-us...@ope

RE: openssl-user - UTF8 characters in configuration file

2013-03-14 Thread Salz, Rich
Hi John! Looking at apps/req.c, it seems you want to use the -utf8 flag (or put utf8: yes in your conf file [req] section) and not prefix the string with an identifier. -- Principal Security Engineer Akamai Technology Cambridge, MA

Re: openssl-user - UTF8 characters in configuration file

2013-03-14 Thread rasmussj
ser - UTF8 characters in configuration file Sent by:owner-openssl-us...@openssl.org Hello John, I had the same problem; the solution is just: UTF8String or UTF8 and not UTF8STRING Walter On 14.03.2013 17:06, rasmu...@us.ibm.com wrote: I'm using the following configuration file section i

Re: openssl-user - UTF8 characters in configuration file

2013-03-14 Thread Walter H.
Hello John, I had the same problem; the solution is just: UTF8String or UTF8 and not UTF8STRING Walter On 14.03.2013 17:06, rasmu...@us.ibm.com wrote: I'm using the following configuration file section in an attempt to create a CA with UTF8 characters in subject (and other) f

openssl-user - UTF8 characters in configuration file

2013-03-14 Thread rasmussj
I'm using the following configuration file section in an attempt to create a CA with UTF8 characters in subject (and other) fields. string_mask = utf8only prompt = no [ req ] default_bits= 2048 default_keyfile = /opt/rasmussjCa/private/cake

Re: How do I tell openssl where its configuration file is, without a commandline argument?

2012-11-29 Thread Ted Byers
On Wed, Nov 28, 2012 at 3:54 PM, Wim Lewis wrote: > > On 28 Nov 2012, at 12:31 PM, Ted Byers wrote: >> Is it possible to tell openssl where the configuration file is, e.g. >> by setting an environment variable, without passing a commandline >> argument? > > > If

Re: How do I tell openssl where its configuration file is, without a commandline argument?

2012-11-28 Thread Wim Lewis
On 28 Nov 2012, at 12:31 PM, Ted Byers wrote: > Is it possible to tell openssl where the configuration file is, e.g. > by setting an environment variable, without passing a commandline > argument? If I remember correctly, you can set the OPENSSL_CONF environment variable to the pa

How do I tell openssl where its configuration file is, without a commandline argument?

2012-11-28 Thread Ted Byers
The simpler variant of this question, vis how to tell openssl where the configuration file is, is a FAQ, and I have seen it countless times over the past few years, as a result of my searches using Google. However, my present situation is a bit different. I am developing perl programs that must

Configuration files always required?

2012-07-27 Thread Tom Browder
I am working on a Perl programmatic solution (i.e., no user responses needed) to a local CA and wonder if I need any configuration files at all? So far, all the man pages I've looked at seem to have command args to handle almost everything that seems important (i.e., required). The one exce

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder wrote: > On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers wrote: >> On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder wrote: ... >> Thanks. Let me know when I can take a look at yor script. I'd also like to >> hear about how you harden your servers. > > Roger-

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers wrote: ... > On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder wrote: ... >> I will provide the user passwords for the client certs. to my >> intermediate helpers via the USPO and the individual client >> certificates via e-mail. The users have to get their

Re: (no subject): SSL Configuration

2012-07-25 Thread Ted Byers
at least part of your requirements), but I first can point you to > one of the most current references I can find for openssl > configuration: > > http://www.phildev.net/ssl/ > Hi Tom, and thanks. Sorry, I didn't realize I had sent my original message without a subject. I am an

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
ent references I can find for openssl configuration: http://www.phildev.net/ssl/ It's a little outdated in that the following openssl conf object names are no longer valid (at least as of the latest stable release: openssl-1.0.1c): #     challengePassword_max #     challengePass

Hi - HTTPD Configuration with MOD SSL

2012-03-08 Thread Durairaj, Srinivasan (NSN - IN/Hyderabad)
Hi, I want to enable HTTPD to support multi-layer certificates (ca chain). I had 2 options Option 1: We can configure SSLCertificateFile (EE file) and SSLCertificateChainFile (CA Chain) Option 2: We can configure SSLCertificateFile (EE+CA Chain) When we tested we found that Option 2 worked and Op

sufficient engine configuration i openssl.cnf for signing with smartcard/xmlsec1

2011-10-07 Thread SiSt
leksey.com/xmlsec/ http://www.mail-archive.com/xmlsec@aleksey.com/msg02507.html clizio merli has not answered my mail so far Help from a openssl Forum or the like is necessary at this stage. Thanks in advance SiSt

Re: generic configuration for 64 bit

2011-06-17 Thread Misha Aizatulin
cc","cc:-O::(unknown)::", >> >> What would be an equivalent generic configuration for 64 bit? > > > If you are on Linux system, that would be: > > ./Configure linux-x86_64 Thanks! What about linux-generic64? Is there a

Re: generic configuration for 64 bit

2011-06-12 Thread Igor Galić
"cc:-O::(unknown)::", > > What would be an equivalent generic configuration for 64 bit? If you are on Linux system, that would be: ./Configure linux-x86_64 > Best, > Misha i -- Igor Galić Tel: +43 (

generic configuration for 64 bit

2011-06-11 Thread Misha Aizatulin
hi all, The Configure file has generic 32 bit configurations: # Basic configs that should work on any (32 and less bit) box "gcc", "gcc:-O3::(unknown):::BN_LLONG:::", "cc", "cc:-O::(unknown)::", What would be an equivalent

Re: Error signing certificates with my own CA... Configuration file?

2010-09-29 Thread Patrick Patterson
Hi Chris: Although it sounds a bit overkill for what you are looking for, as part of our "CertiPath Test CA using OpenSSL" Howto, a goodly portion of the various settings and possible configurations of the parameters are explained, and scripts are also provided for generation of a number of dif

Re: Error signing certificates with my own CA... Configuration file?

2010-09-28 Thread Chris Rider
Not discouraged at all (just short on time trying to meet a deadline). I'll check out TinyCA (and the like) in the meantime, but actually do hope to delve into the source and figure out those directives when I get some time. I do appreciate your time and attention!! On 09/28/2010 09:41 AM,

Re: Error signing certificates with my own CA... Configuration file?

2010-09-28 Thread Mark H. Wood
I don't want to discourage you from learning the details yourself, but you may want to look at some wrapper software that is already worked out and takes care of these things for you. For example, I usually find TinyCA adequate to my minuscule certificate-processing needs. Even if you decide not

Error signing certificates with my own CA... Configuration file?

2010-09-27 Thread Chris Rider
I've found the alternative to self-signing (namely signing with your own CA) to be a potentially great path for the web application that we develop; however I can't quite figure out how exactly to tweak the configuration file to get what I want. It is hard (impossible?) to find an

RE: Request on AES 512 bit encryption Configuration in Openssl.

2010-09-01 Thread Erik Tkal
AES by definition has a 128-bit block size and uses either a 128, 192 or 256-bit key. If you mean the Rijndael algorithm, that is more flexible and can have a block size up to 256 bits, with no key size limit. I do not believe OpenSSL has the generic support (older versions may have from pre-A

Request on AES 512 bit encryption Configuration in Openssl.

2010-09-01 Thread udaya shankara
Hi, Is it possible to have AES 512 bit encryption in latest release of openssl. Regards, Uday,

Re: OpenSSL, relative paths of configuration file

2010-04-07 Thread Thomas Steinbach
Hello Michael, [...] $HOME = . # [active directory, from which I call openssl] You better check that one - it may have been a typo here, but *nix systems __never__ specify the "current working directory" as the $HOME directory. *nix and nearly all other "single tree" file system OS have an

Re: OpenSSL, relative paths of configuration file

2010-04-05 Thread Michael S. Zick
re starting > > 1.) The active directory? > 2.) The directory where openssl (executable) resides > or > 3.) The directory where openssl.cnf resides? > 4.) Any other directory? > > Actually I think that the $HOME is the path of the > active directory (from which I call openssl)

OpenSSL, relative paths of configuration file

2010-04-05 Thread Thomas Steinbach
resides or 3.) The directory where openssl.cnf resides? 4.) Any other directory? Actually I think that the $HOME is the path of the active directory (from which I call openssl) Right? Typically and with the default configuration the .rnd file is generated in that _active_ directory. The "d

Re: Openssl configuration (openssl.cnf ) doubt

2010-02-10 Thread Dmitry Ivanov
On Wed, Feb 10, 2010 at 12:49 PM, Samuel123smith wrote: > > Hi ALL, > > I am trying to use openssl pkcs11 engine . I have more than pkcs11 provider > and I want my customer to specify which pkcs11 provider they want to use . > For this I am thinking to modify the openssl.cnf file and > have one op

Openssl configuration (openssl.cnf ) doubt

2010-02-10 Thread Samuel123smith
this own pkcs11 provider library. Thanks in advance Samuel

Openssl configuration (openssl.cnf ) doubt

2010-02-10 Thread Samuel123smith
this own pkcs11 provider library. Thanks in advance Joshi

Re: Openssl Configuration File

2009-09-07 Thread Marcus Carey
In a command window type: set OPENSSL_CONF=c:\openssl\openssl.conf change "c:\openssl\openssl.conf" to the path of your configuration file. Or open up the control panel and open the system dialog. Click on the environment button and add new system variable. Reboot the computer and

Re: Openssl Configuration File

2009-09-06 Thread Dr. Stephen Henson
; into random state - done > Generating RSA private key, 1024 bit long modulus > ..++ > ..++ > e is 65537 (0x10001) > > although I have Windows, the Openssl seems to see linux > (/usr/local/ssl/openssl.cnf) > > I tried many ways in order to set the path of the conf file, but

Openssl Configuration File

2009-09-05 Thread Walid Nasri
Hello I installed OpenSSL on Windows I have Apache 2.2 WebServer I need to generate a certificate, in order to purchase certificate license from CA when I use the openssl generate command: openssl genrsa -out mykey.key 1024 I also tried: openssl genrsa -config openssl.cnf -out mykey.key 1024

Re: SSL configuration on Tomcat 5.5

2009-05-18 Thread Kyle Hamilton
This is an Apache Tomcat question, not an OpenSSL question. Please direct your request to the appropriate Apache support group. (I will note that it'll be easier for them to diagnose it if you tell them the exact error message you're getting, instead of simply saying "it doesn't work".) -Kyle H

SSL configuration on Tomcat 5.5

2009-05-18 Thread Neetu Agrawal
Hi, I am getting a problem configuring SSL on Tomcat 5.5. I generated a private key and certificate using openssl, then I copied these into the top directory of Tomcat and enabled the 8443 connector in the server.xml file in the following way. But it's not working. Suggest to me where I am making an error

Re: Problem in SSL configuration

2008-06-30 Thread Kyle Hamilton
An SSLv3 certificate is an X.509v3 certificate that conforms to certain requirements. Since SSLv3 is not actually an internet standard, I would suggest looking at TLSv1 and TLSv1.1 (the latter of which is not yet supported by openssl, to my knowledge). That said, the PKI howtos at carillon.com ar

Re: Problem in SSL configuration

2008-06-30 Thread Patrick Patterson
And you may want to take a look at: http://www.carillon.ca/library/howtos.php For the OpenSSL setup guide, which is pretty good (if I may say so myself :) tutorial for setting up an X.509 v3 certificate (which is what I'm presuming you really want when you say SSL version 3 certificated) to do ju

Re: Problem in SSL configuration

2008-06-30 Thread vinni rathore
hi what do u mean by 'SSL version 3 certificated'? if u r looking for ssl certificates then u need to use the openssl.exe for certs. here is the link: http://www.madboa.com/geek/openssl/#cert On Mon, Jun 30, 2008 at 10:23 AM, rajatg <[EMAIL PROTE

Re: Problem in SSL configuration

2008-06-30 Thread Vijay Kotari
http://www.tc.umn.edu/~brams006/selfsign.html On Mon, Jun 30, 2008 at 10:23 AM, rajatg <[EMAIL PROTECTED]> wrote: > Hi, > > I am facing problem in generating SSL version 3 certificated.Could you > please help in certificate generation > > Regards, > Rajat Gupta > > ___

Problem in SSL configuration

2008-06-30 Thread rajatg
Hi, I am facing problem in generating SSL version 3 certificated. Could you please help in certificate generation Regards, Rajat Gupta

Ned help with TLS configuration

2008-03-25 Thread Ankit Khandelwal
Hello, I am trying to configure openldap 2.2.13.2 on Red Hat Enterprise Linux ES release 4 (Nahant) to work with TLS, so that my client machine can authenticate using credentials stored on server. Everything works fine without TLS, but if I try using TLS I get using ssh "Permission denied" and

Re: Configuration file for subjectAltName

2008-03-04 Thread Elia, Leonard F.
My Apologies. I was forwarding this to another email for archiving and I was sloppy with addressing before I hit send. Back to your program already in progress Lee Elia, Leonard F. wrote: On Tue, Sep 18, 2007 at 01:46:42PM -0500, Murphy, David F wrote: Exchange 2007 certificates and th

Re: Configuration file for subjectAltName

2008-03-04 Thread Elia, Leonard F.
there done this already? If so, would you please share the openssl.cnf that you used and the commands you executed to utilize the configuration file? Config file: [ req ] default_bits= 1024 default_md = sha1 default_keyfile = key.pem di
