Read my comments please.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Patrick Patterson
Sent: Wednesday, June 19, 2013 7:50 PM
To: openssl-users@openssl.org
Subject: Re: Creating certificates
Hi Rodney,
First of all
t; revise my question. Please disregard the email because instead of
> creating certificates,
>
> I'm going to use certs provided by my linux admin to configure SSL/TLS
> with LDAP.
>
>
>
> My sysadmin gave me 3 wildcard openssl files; with an ext of .cert,
> .
Hi,
There was an email earlier yesterday about LDAP/SSL/TLS but I'm going to
revise my question. Please disregard the email because instead of
creating certificates,
I'm going to use certs provided by my linux admin to configure SSL/TLS
with LDAP.
My sysadmin gave me 3 wildcard ope
Hello,
Yes, you are right. I can do it using the 'ca' command. Thanks for the
hint.
Gerald
On Tue, Aug 18, 2009 at 11:48 AM, Serge Fonville
wrote:
> Why don't you use the ca command?
>
>
> On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich > wrote:
>
>> Hello,
>>
>> So I have played arr
On Tue, Aug 18, 2009, Gerald Iakobinyi-Pich wrote:
> Hello,
>
> So I have played arround a little bit more yesterday, but with the same
> result.
> Attached are the the openssl.cnf I am using. The problem is the same, I do
> not know how to override the subject information from the config file
>
Why don't you use the ca command?
On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich
wrote:
> Hello,
>
> So I have played arround a little bit more yesterday, but with the same
> result.
> Attached are the the openssl.cnf I am using. The problem is the same, I do
> not know how to override t
Hello,
So I have played arround a little bit more yesterday, but with the same
result.
Attached are the the openssl.cnf I am using. The problem is the same, I do
not know how to override the subject information from the config file
(specified in the "req_distinguished_name" section), from the comm
What does your openssl.cnf look like, since it is used in the req?
On Mon, Aug 17, 2009 at 6:00 PM, Gerald Iakobinyi-Pich
wrote:
> Hy,
>
> So my end goal is to have a CA, which I can use to sign certificates. I
> have set up a CA, that was not that hard. But now I want to create
> certificates si
Hy,
So my end goal is to have a CA, which I can use to sign certificates. I have
set up a CA, that was not that hard. But now I want to create certificates
signed by my CA, and I want to provide the subject from the command line. I
don't want it to be read from the openssl.cnf. That is because I h
Hi,
I assume you have done a lot of googling and have read the docs extensively.
First, what is your end goal?
Since creating a certificate and having it signed by your own CA is not that
difficult.
What resources have you consulted.
What have you already tried.
Have you looked at the resulting c
Hello,
I am trying to create a certificate, on win, and I am having some troubles
with OpenSSL. First I generate a key. That's ok. Then I create a request:
openssl req -config .\openssl.cnf -subj
"/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test
Certificate" -new -days 365 -key
..\demo_store\priva
Hello,
I am trying to create a certificate, on win, and I am having some troubles
with OpenSSL. First I generate a key. That's ok. Then I create a request:
openssl req -config .\openssl.cnf -subj
"/C=DE/L=Munchen/ST=Bayern/O=Org/OU=Dev/CN=Test Certificate" -new -days 365
-key ..\demo_store\priva
Can someone point me to some documentation on how to create certificates
during runtime in the code?
I can use the openssl command from solaris at the terminal but how do I
do it in the code?
Thanx.
Dave
__
OpenSSL Project
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Jason,
edf green schrieb:
> Very straight forward and well documented? You gotta be kidding.
> Perhaps for a long time openssl developer, but not for your run of the
> mill C developer. I spent all last night going through the example
> provid
> What im talking about is functions like a2i_ASN1_INTEGER.
> When i check the crypto library documentation on openssl.org
> for usage or such, there is no man page available,
> actually.. the entire asn1 section is blacked out.
There's no reason you need to use that function. The load_serial/sa
Very straight forward and well documented? You gotta be kidding. Perhaps for a long time openssl developer, but not for your run of the mill C developer. I spent all last night going through the example provided, and yeah beyond being painfully inhibiting for a developer in its complexity, its a
Looks at the source for the command-line tool that you're using.
/r$
--
STSM, Senior Security Architect
SOA Appliances
Application Integration Middleware
__
OpenSSL Project http://www.open
Please don't top post.
>> Look at apps/x509.c function x509_certify().
> you're kidding right? That has to be some of the most atrocious
> and confusing code i have ever seen. I dont suppose anyone has
> anything more practical as an example?
> Perhaps some documentation on the process or such
you're kidding right? That has to be some of the most atrocious and confusing code i have ever seen. I dont suppose anyone has anything more practical as an example? Perhaps some documentation on the process or such.
On 9/20/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,> Long time
Hello,
> Long time reader, first time poster. I have a problem
> currently with the generation of a SSL cert using the libssl/crypto
> apis. I can generate keys fine, but i cannot find any documentation
> on how to actually create a cert file via anything other then the
> openssl command l
Hello all, Long time reader, first time poster. I have a problem currently with the generation of a SSL cert using the libssl/crypto apis. I can generate keys fine, but i cannot find any documentation on how to actually create a cert file via anything other then the openssl command line too
iew this message in context:
http://www.nabble.com/Creating-certificates-t1502430.html#a4073593Sent from the OpenSSL - User forum at Nabble.com.__
OpenSSL Project http://www.openssl.orgUser Supp
tell me how to correct this?
Many thanks.
Nathan
--
View this message in context:
http://www.nabble.com/Creating-certificates-t1502430.html#a4073593
Sent from the OpenSSL - User forum at Nabble.com.
__
OpenSSL Project
Michael Helm wrote:
[...]
What I wanted to try (& might eventually) is going back to the client
test we did some time ago. We found that the client always ignored
the extra subjectaltname entries, and so I suspect that the subject
components are the ones evaluated.
To my knowledge, tests made rece
"Lee Dilkie" writes:
> you didn't look at the certificate fully. there is also
>
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]
> in the Subject Alternative Name as rfc3280 requires.
That is very clever of them! I have been meaning to test your cert consruction
> IMHO if you want to use multiple email addresses within the
> same certificate
> you should use multiple subjectAltName extensions. This
> ensures usability
> with available clients (i.e. Mozilla, Thunderbird, etc... ).
> I guess you
> are able to use the certificate because the same addresses
Lee Dilkie wrote:
Mine works fine.
I have multiple "E=" fields in the subject attribute. I use the same
certificate from several accounts.
(This message is signed so you can take a look for yourself).
Also, this isn't openssl generated but I see no reason why that would
matter.
IMHO if you want
o the same with an openssl generated
certificate.
-lee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Michael Helm
> Sent: Tuesday, February 03, 2004 3:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Creating certificates with more
"Lee Dilkie" writes:
> Mine works fine.
In a sense.
E = [EMAIL PROTECTED], E = [EMAIL PROTECTED], E = [EMAIL PROTECTED], CN = Thawte
Freemail Member
rfc 3280
http://www.ietf.org/rfc/rfc3280.txt
p 23-24, section 4.1.2.6 Subject
In addition, legacy implementations exist where an RFC 822 name
Hi,
>in openssl.cnf in the section regarding the DN definition.
>
>0.emailAddress
>1.emailAddress
Thanks for your answer! Now I have two E-Mail addresses in in my cert, but I
can only sign mails, which I send with the first eMail address. :-( When
sending withh the second one, Outlook (XP and Exp
I had created one certificate but the2nd email address was just UNUSABLE.
I couldn't use that 2nd email address to sign, encrypt. etc.
Tested with Mozilla and Outlook family email clients.
Frédéric Giudicelli wrote:
in openssl.cnf in the section regarding the DN definition.
0.emailAddress
1.email
in openssl.cnf in the section regarding the DN definition.
0.emailAddress
1.emailAddress
--
Frédéric Giudicelli
http://www.newpki.org
Stephan Boldt wrote:
Hello!
Is it possible to create certificates with more than one eMail address? I
want to create a cert which can sign mails from different eM
Hello!
Is it possible to create certificates with more than one eMail address? I
want to create a cert which can sign mails from different eMail addresses.
Is that possible? And if it is, how can I do it?
Thank you for your help!
Stephan
_
teven
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Kambourakis GeorgiosSent: Thursday, 2 October 2003
4:24 AMTo: [EMAIL PROTECTED]Subject: Creating
Certificates for Pocket PC
Hi,
I have succesfully installed openssl 0.9.7b for
Wi
Hi,
I have succesfully installed openssl 0.9.7b for
Windows CE,
and i need to create certificates for
my openssl client that runs on a pocket pc 2002.
When i run openssl from command prompt (in
Win 2000) writes: "The image file openssl.exe is valid, but is for a machine
type other than t
In message <[EMAIL PROTECTED]> on Mon, 11 Aug 2003 14:36:52 +0900,
"Shalkebaev,AntonMSCAG" <[EMAIL PROTECTED]> said:
ShalkebaevA> Take a look at www.pyca.de anototrher one is
ShalkebaevA> http://cultura.eii.us.es/~pablo/elyca/
Added to the collection of links in
http://www.openssl.org/related/ap
Title: Creating certificates
OpenSSL Ver: 0.9.6b
OS: Solaris 8
CC: CC 5.2
I would like to be able to create certificates without using the openssl tool if possible. I don't like the idea of my program having to call an outside application to create certificates, and I was wond
Hi,..
I can't seem to generate a valid certificate for my openSSL app.
Whenever I try a certificate that is produced by me, using the openssl command line
tool, or some other tool, I get the following error msgs from my app.:
12359:error:0906406D:PEM routines:DEF_CALLBACK:problems getting passw
Joe:
I don't know if Matt is also planning a website, but I haven't even
started mine, so I can't give you a link to it.
-Mike
Joe Novielli wrote:
>
> BTW MATT : Your web link would be much appreciated to clear the concepts
> for neophytes.
>
> At 04:03 PM 08/11/99 -0700, you wrote:
> >Hi:
I'm still unsure about the CA cert?
What does this do, how does it fit in?
Is this the SAME as a signed certificate which the web server uses? (I
don't think so)
Which certificate is the one browsers need to install? (ie: the one we need
to generate for them)
I'm fine with:
- generating a s
40 matches
Mail list logo
