Re: Newbie Question here...

2012-04-24 Thread Jakob Bohm
On 4/24/2012 6:19 PM, bfinkel...@aaamissouri.com wrote: I have installed Win32 Binary including OpenSSL 0.9.8t (MSI Installer): httpd-2.2.22-win32-x86-openssl-0.9.8t.msi on my windows server. I want

Newbie Question here...

2012-04-24 Thread BFinkeldei
I have installed Win32 Binary including OpenSSL 0.9.8t (MSI Installer): httpd-2.2.22-win32-x86-openssl-0.9.8t.msi on my windows server. I want to upgrade JUST openSSL that's bundled with this install to the latest PCI compliant version. I want to go to OpenSSL 0.9.8u or possibly w. How c

Re: Newbie question on EVP API

2009-12-13 Thread Bruce Stephens
Alexey Luchko writes: > I'm new to openssl. > I've got two questions on EVP API: > > 1. What do EVP_EncryptInit_ex and EVP_CipherInit_ex differ with? > When should I use encrypt/decrypt and when cipher? If you look at the source, EVP_EncryptInit_ex/EVP_DecryptInit_ex are just trivial wrapper

Newbie question on EVP API

2009-12-13 Thread Alexey Luchko
Hi! I'm new to openssl. I've got two questions on EVP API: 1. What do EVP_EncryptInit_ex and EVP_CipherInit_ex differ with? When should I use encrypt/decrypt and when cipher? 2. Where can I read about cipher modes? There are several modes for each cipher on http://openssl.org/docs/c

Newbie question: how could I sign an image

2009-07-08 Thread Bizhan Gholikhamseh (bgholikh)
Hi All, How could I sign an image using SHA256 or RSA? Thanks, B __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manag

Re: newbie question: sample s_server usage

2007-09-29 Thread Grzegorz Rusin
On 9/28/07, Deep Chand <[EMAIL PROTECTED]> wrote: > > Hi, > > I'm a newbie to openssl and openssl toolkit. i need to add support for tls > to one java client including client authentication, and i've made the > changes to the client and need to test it with server, so trying to use > s_server. I ha

newbie question: sample s_server usage

2007-09-28 Thread Deep Chand
o generate client/server public/private key certificates using rsa algo. how do i use these certificates in invoking and testing my client using s_server? any help is appreciated. thanks, deep -- View this message in context: http://www.nabble.com/newbie-question%3A-sample-s_server-usage-tf45

(complete) newbie question

2007-07-14 Thread Passive PROFITS
Hi Guys 'n' girls, I've been a member of the list, but not really reading (because WOW - it's technical!) but nonetheless want to get my head around not only the production of certificates, but also their implementation on servers. What my sole goal(s) [!] is, is to be able to: 1. Produce my ow

RE: Newbie question

2007-02-01 Thread Doug Kunzman
TECTED] On Behalf Of Bertram Scharpf Sent: Wednesday, January 31, 2007 7:44 PM To: openssl-users@openssl.org Subject: Re: Newbie question Hi, On Wednesday, 31 Jan 2007, 13:02:13 -0500, Doug Kunzman wrote: > Can openssl be used for HTTP communication without using SSL if in the > future we

Re: Newbie question

2007-01-31 Thread Dr. Stephen Henson
On Wed, Jan 31, 2007, Doug Kunzman wrote: > All - > > I was looking for an interface or factory class like java has were you can > switch between SocketFactory and SSLSocketFactory and both implement the > Socket interface. Does this help? The port is no big deal but the low > level asynchrono

Re: Newbie question

2007-01-31 Thread Victor Duchovni
On Thu, Feb 01, 2007 at 01:44:05AM +0100, Bertram Scharpf wrote: > > Can openssl be used for HTTP communication without using SSL if in the > > future we are going to SSL communication to our project? > > You should consider using SSL right from the start. There > are loads of key generation howt

Re: Newbie question

2007-01-31 Thread Bertram Scharpf
Hi, On Wednesday, 31 Jan 2007, 13:02:13 -0500, Doug Kunzman wrote: > Can openssl be used for HTTP communication without using SSL if in the > future we are going to SSL communication to our project? You should consider using SSL right from the start. There are loads of key generation howtos on t

RE: Newbie question

2007-01-31 Thread Doug Kunzman
users@openssl.org Subject: Re: Newbie question This is just a shot in the dark answer -- because I don't know of a way to use SSL without using SSL :) You can get a web-site project up and running using port 443 with a web-server (like apache), without using openSSL encryption on port 443...

Re: Newbie question

2007-01-31 Thread Bill Angus
later and can encrypt communications over port 443. Bill Angus, MA http://www.psychtest.com - Original Message - From: Doug Kunzman To: openssl-users@openssl.org Sent: Wednesday, January 31, 2007 10:02 AM Subject: Newbie question Can openssl be used for HTTP communic

Newbie question

2007-01-31 Thread Doug Kunzman
Can openssl be used for HTTP communication without using SSL if in the future we are going to SSL communication to our project? Doug

Re: OpenSSL newbie Question [Regd: java class to read a PEM file]

2006-11-28 Thread Julius Davies
Hi, If I may attempt a slightly better response than my first one! Sorry to openssl-dev people about spamming your list with this. Probably this email is better suited to openssl-users, so I'm cross-posting it. (If anyone decides to reply, please reply to openssl-users!) 1. Dr Stephen N. Hen

Re: Newbie question X509 certificate stores

2006-01-02 Thread Dr. Stephen Henson
On Mon, Jan 02, 2006, Dr. Stephen Henson wrote: > On Mon, Jan 02, 2006, George Garvey wrote: > > >Some problems w/reverse DNS prevented posting this until now. > > > > On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > > > On Wed, Dec 28, 2005, George Garvey wrote: > > >

Re: Newbie question X509 certificate stores

2006-01-02 Thread Dr. Stephen Henson
On Mon, Jan 02, 2006, George Garvey wrote: >Some problems w/reverse DNS prevented posting this until now. > > On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > > On Wed, Dec 28, 2005, George Garvey wrote: > > > > >I'm having a very similar problem as this one. > > >

Re: Newbie question X509 certificate stores

2006-01-02 Thread George Garvey
Some problems w/reverse DNS prevented posting this until now. On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > On Wed, Dec 28, 2005, George Garvey wrote: > > >I'm having a very similar problem as this one. > >I have a file I made from data sent from an AS2 system.

Re: Newbie question X509 certificate stores

2006-01-02 Thread George Garvey
Some problems w/reverse DNS prevented posting this until now. On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > On Wed, Dec 28, 2005, George Garvey wrote: > > >I'm having a very similar problem as this one. > >I have a file I made from data sent from an AS2 system.

RE: Newbie question X509 certificate stores SOLVED

2005-12-29 Thread Chris Morrison
> > There seems to be a problem with whatever has been used to save the data. > It > is prepending the byte 0, 1 to the start of the structure. If you skip > these > OpenSSL has no problems parsing the PKCS#7 data. > Worked a treat. I downloaded an older version of the PKZIP application note, a

Re: Newbie question X509 certificate stores

2005-12-28 Thread Dr. Stephen Henson
On Wed, Dec 28, 2005, George Garvey wrote: >I'm having a very similar problem as this one. >I have a file I made from data sent from an AS2 system. The HTTP > headers before the data are (abbreviated to the S/MIME stuff): > Subject: EDIINTDATA > Message-Id: <[EMAIL PROTECTED]> > Dispositio

Re: Newbie question X509 certificate stores

2005-12-28 Thread George Garvey
I'm having a very similar problem as this one. I have a file I made from data sent from an AS2 system. The HTTP headers before the data are (abbreviated to the S/MIME stuff): Subject: EDIINTDATA Message-Id: <[EMAIL PROTECTED]> Disposition-Notification-To: inXServices Disposition-Notification-

Re: Newbie question X509 certificate stores

2005-12-28 Thread Dr. Stephen Henson
On Wed, Dec 28, 2005, Chris Morrison wrote: > > > > > What do you mean "fails to open the store"? > > > > What does the data look like that you are feeding into d2i_PKCS7()? Does > > it > > have lines with -BEGIN in it? > > I cannot find this anywhere in the data. > > > > > If

RE: Newbie question X509 certificate stores

2005-12-28 Thread Chris Morrison
> > What do you mean "fails to open the store"? > > What does the data look like that you are feeding into d2i_PKCS7()? Does > it > have lines with -BEGIN in it? I cannot find this anywhere in the data. > > If the data is available as a file try: > > openssl pkcs7 -in file -inf

Re: Newbie question X509 certificate stores

2005-12-27 Thread Dr. Stephen Henson
On Tue, Dec 27, 2005, Chris Morrison wrote: > > > I've finally found time to get back to this project. Thanks for the pointers > Steve. > > However, I've tried using the above call d2i_PKCS7(), but it fails to open > the store with the errors below. > > 4777:error:0D0680A8:asn1 encoding routin

RE: Newbie question X509 certificate stores

2005-12-27 Thread Chris Morrison
> -Original Message- > From: [EMAIL PROTECTED] [mailto:owner-openssl- > [EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson > Sent: 13 August 2005 17:44 > To: openssl-users@openssl.org > Subject: Re: Newbie question X509 certificate stores > > On Sat, Aug 13, 20

Re: Newbie question X509 certificate stores

2005-08-13 Thread Dr. Stephen Henson
On Sat, Aug 13, 2005, Chris Morrison wrote: > Michael wrote: > > >Hi Chris, > > > >What type of keystores are you talking about here? (pkcs#12?) > > > > > > > It's a PKCS#7 store, I am trying to read the certificate store from a > digitally signed ZIP file. > > I have done it with no probs in

Re: Newbie question X509 certificate stores

2005-08-13 Thread Chris Morrison
Michael wrote: Hi Chris, What type of keystores are you talking about here? (pkcs#12?) It's a PKCS#7 store, I am trying to read the certificate store from a digitally signed ZIP file. I have done it with no probs in VC++ using Microsoft's CryptoAPI, you just read the data into a buffer,

Re: Newbie question X509 certificate stores

2005-08-13 Thread Michael
Hi Chris, What type of keystores are you talking about here? (pkcs#12?) Michael. On 8/13/05, Chris Morrison <[EMAIL PROTECTED]> wrote: > So many replies. I don't know where to start. > > > Chris Morrison wrote: > > >Hi all, > > > >I have recently moved over to Linux, having rid my computer of

Re: Newbie question X509 certificate stores

2005-08-13 Thread Chris Morrison
So many replies. I don't know where to start. Chris Morrison wrote: Hi all, I have recently moved over to Linux, having rid my computer of the M $.Windows virus. I am porting a program that I wrote over to Linux and I am looking for a library to provide X509 digital certificate functions. M

Newbie question X509 certificate stores

2005-07-24 Thread Chris Morrison
Hi all, I have recently moved over to Linux, having rid my computer of the M $.Windows virus. I am porting a program that I wrote over to Linux and I am looking for a library to provide X509 digital certificate functions. Micro$oft provide a function in their CryptoAPI called CertOpenStore() whi

Re: Newbie question (with answer - long)

2005-03-31 Thread Jules Colding
On Fri, 2005-04-01 at 07:31 +0530, Denis wrote: > Don't you need to allocate some memory to be able to store the RSA key > in r_rsa? I assumed that would happen automatically due to the 'pointer-to- pointer' parameter. Best regards, jules BTW: Doing the following solved my problem: RSA *re

Re: Newbie question

2005-03-31 Thread Denis
Don't you need to allocate some memory to be able to store the RSA key in r_rsa? -- Denis. On 31 Mar 2005, at 16:33, Jules Colding wrote: RSA *r_rsa;

Newbie question

2005-03-31 Thread Jules Colding
Hi, I am trying to create RSA public and private keys on Windows with OpenSSL 0.9.7e. I want to save both to disk for later use, but I can't figure out how to read them again... I am doing the following: CUT rsa = RSA_generate_key(RSA_KEY_LENGTH, RSA_F4, NULL, (char *

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi OpenSSL! On Sun, 13 Feb 2005, Sean Rima wrote: > Hi COMPSUPPLIER! > > On Sun, 13 Feb 2005, [EMAIL PROTECTED] wrote: > > > you need a private.key and a myserver.key and you will have a server.csr > > and > > yourdomain.csr > > > > you will also need your THAWTE CA.txt which is signed ver

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi COMPSUPPLIER! On Sun, 13 Feb 2005, [EMAIL PROTECTED] wrote: > you need a private.key and a myserver.key and you will have a server.csr and > yourdomain.csr > > you will also need your THAWTE CA.txt which is signed version of > yourdomain.csr,but this needs to match with your private.key

Re: Total newbie Question

2005-02-13 Thread COMPSUPPLIER
you need a private.key and a myserver.key and you will have a server.csr and yourdomain.csr   you will also need your THAWTE CA.txt which is signed version of yourdomain.csr,but this needs to match with your private.key which in turn is linked to yourserver.key   you would need links in your

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi COMPSUPPLIER! On Sun, 13 Feb 2005, [EMAIL PROTECTED] wrote: > Can I email you tomorrow > I had the same problem you're experiencing Until I put in the letters SSL I > got the same error on SuSe 9 pro > I managed then to set up our site here > _http://www.mtlgroup.co.uk/shop1/index.php_ > (h

Re: Total newbie Question

2005-02-13 Thread COMPSUPPLIER
Can I email you tomorrow I had the same problem you're experiencing Until I put in the letters SSL I got the same error on SuSe 9 pro I managed then to set up our site here http://www.mtlgroup.co.uk/shop1/index.php Also where have you put your private.key, myserver.key you CA.txt the yourdomain

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi COMPSUPPLIER! On Sun, 13 Feb 2005, [EMAIL PROTECTED] wrote: > I had a similar problem and within YAST checking thru the etc/sysconfig > files you have to ensure the Letters SSL are in place you can view and > example > from within your usr/share/doc/packages > > I suggest you check th

Re: Total newbie Question

2005-02-13 Thread COMPSUPPLIER
I had a similar problem and within YAST checking thru the etc/sysconfig files you have to ensure the Letters SSL are in place you can view and example from within your usr/share/doc/packages    I suggest you check the example pages as I am not in front of our servers at present If needed I c

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi COMPSUPPLIER! On Sun, 13 Feb 2005, [EMAIL PROTECTED] wrote: > Which operating system are you using? > > I use SuSE Linux 9.2 Sean

Re: Total newbie Question

2005-02-13 Thread COMPSUPPLIER
Which operating system are you using?

Re: Total newbie Question

2005-02-13 Thread Sean Rima
Hi David! On Sat, 12 Feb 2005, David Schwartz wrote: > > > Hi folks, > > > > I am new to openssl and I am trying to use a Thawte key with Mutt > > but I keep > > getting this error message: > > > > Verification failure > > 8458:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify > > er

RE: Total newbie Question

2005-02-12 Thread David Schwartz
> Hi folks, > > I am new to openssl and I am trying to use a Thawte key with Mutt > but I keep > getting this error message: > > Verification failure > 8458:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify > error:pk7_smime.c:222:Verify error:unable to get local issuer certificate > >

Total newbie Question

2005-02-12 Thread Sean Rima
Hi folks, I am new to openssl and I am trying to use a Thawte key with Mutt but I keep getting this error message: Verification failure 8458:error:21075075:PKCS7 routines:PKCS7_verify:certificate verify error:pk7_smime.c:222:Verify error:unable to get local issuer certificate I have searched on

AW: Newbie Question SSL Apache

2005-01-12 Thread R. Markham
Froehlich Sent: Wednesday, 12 January 2005 11:54 To: openssl-users@openssl.org Subject: Re: Newbie Question SSL Apache R. Markham wrote: > > > Hallo, > > > > I have a question regarding SSLCACertificateFile from the SSL-Apache > in http.conf File. I have a server certif

Re: Newbie Question SSL Apache

2005-01-12 Thread Bernhard Froehlich
R. Markham wrote: Hallo, I have a question regarding SSLCACertificateFile from the SSL-Apache in http.conf File. I have a server certificate which is issued by our Sub CA. My Question which Certificate must I use the Root CA or the Sub CA Certificate. The Root CA Certificate is issued by

Newbie Question SSL Apache

2005-01-12 Thread R. Markham
  Hallo,   I have a question regarding SSLCACertificateFile from the SSL-Apache in http.conf File. I have a  server certificate which is issued by our Sub CA. My Question which Certificate must I use the Root CA or the Sub CA Certificate. The Root CA Certificate is issued by DFN-PCA in H

Re: newbie question ...

2004-03-26 Thread Dr. Stephen Henson
On Fri, Mar 26, 2004, Carlos Roberto Zainos H wrote: > Hi all !!! > > I've been working for a while with the cipher and digest RC4-SHA1 routines > for a project, but now I want to use the X509 libraries to handle an > certificate.cer issued by a local CA. I've looked and been tried with > d2i_X

newbie question ...

2004-03-26 Thread Carlos Roberto Zainos H
Hi all !!!   I've been working for a while with the cipher and digest RC4-SHA1 routines for a project, but now I want to use the X509 libraries to handle an certificate.cer issued by a local CA. I've looked and been tried with d2i_X509 and d2i_X509_fp routines but my tests fails.   So .. my questio

Re: another Newbie Question

2004-01-21 Thread Darren McDonald
aaahhh, I see now. I err, forgot to include the libraries that go with the header files, got it sorted now. Thanks to all. Darren

Re: another Newbie Question

2004-01-21 Thread Darren McDonald
Thanks, but do you have any idea how idea accomplish this in C++ Borland builder? I've already set it up to search for header files in the relevant folder, what am I missing? On Wed, Jan 21, 2004 at 06:10:39AM -0500, Darren McDonald wrote: > I'm currently reading network security with open ssl, and

Re: another Newbie Question

2004-01-21 Thread Lutz Jaenicke
On Wed, Jan 21, 2004 at 06:10:39AM -0500, Darren McDonald wrote: > I'm currently reading network security with open ssl, and I'm well and > truly stuck. I've googled, and checked the book site to see if it's a > reported mistake.. no luck. > > Does anyone know if SSL_library_init(), and SSL_load_error_s

another Newbie Question

2004-01-21 Thread Darren McDonald
I'm currently reading network security with open ssl, and I'm well and truly stuck. I've googled, and checked the book site to see if it's a reported mistake.. no luck. Does anyone know if SSL_library_init(), and SSL_load_error_strings() are part OpenSSL?, or are they functions the writer is using? Im g

Re: newbie question

2003-08-28 Thread Henrik Nordstrom
On Thu, 28 Aug 2003 [EMAIL PROTECTED] wrote: > Is this an SSL, or an Apache directive, if so what directive. I've played > around with "Redirect" but to no avail. And I've tried SSLRequireSSL also > to no avail. Apache. Create a virtual server for the HTTP port, and use a Redirect rule in that

newbie question

2003-08-28 Thread FBell
We have an Oracle Internet Application Server with Apache 1.3 and OpenSSL. SSL works, but I would like to make it so that when the web user goes to http://whatever.ddd, they are forced/redirected to https://whatever.ddd. Is this an SSL, or an Apache directive, if so what directive. I've playe

Re: Newbie question - Signing CSR's

2003-08-23 Thread Dr. Stephen Henson
On Thu, Aug 21, 2003, Rohan Pinto wrote: > > I have a SunONE WebServer 6.0 running on a certain subnet. (www.abcd.com - > for this example) > The Webserver serves content over http. > I intend to protect this content via PDC authentication. To do so, I'd need > 2 things. > 1. A Server Cert > 2. A

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote: > >>Based on a dialog that said "unknown critical extension" > > >I've never seen that dialog on Netscape, though I've seen IE produce it. > >What I'm saying is that stepup uses EKU (among other things) to identify > >its > >certificates Netscape 4

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Based on a dialog that said "unknown critical extension" I've never seen that dialog on Netscape, though I've seen IE produce it. What I'm saying is that stepup uses EKU (among other things) to identify its certificates Netscape 4.[something] did support stepup so presumably it at least partially

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote: > Continuation of a dialog between Dr. Stephen Henson > and Charles B Cranston: > > B: These are some of the ones we found: > B: Netscape 4 will not tolerate an ExtendedKeyUsage extension. > > S: Hmmm. What makes you think that? EKU is *required* t

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Well, I took dumps of the two certificates (and CSR) that Rohan provided, and the dates overlap, which might be the IE specific problem. At first it looked like the subject DNs were exactly the same between the two certificates, but upon closer examination the subject DN for the server certificate

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Continuation of a dialog between Dr. Stephen Henson and Charles B Cranston: B: These are some of the ones we found: B: Netscape 4 will not tolerate an ExtendedKeyUsage extension. S: Hmmm. What makes you think that? EKU is *required* to handle "step up" S: (aka SGC, magic, 128 bit [yuck]) and Netsca

Re: Newbie question - Signing CSR's

2003-08-22 Thread Dr. Stephen Henson
On Fri, Aug 22, 2003, Charles B Cranston wrote: > Dr. Stephen Henson wrote: > > >>These are some of the ones we found: > >>Netscape 4 will not tolerate an ExtendedKeyUsage extension. > > >Hmmm. What makes you think that? EKU is *required* to handle "step up" (aka > >SGC, magic, 128 bit [yuck]) a

Re: Newbie question - Signing CSR's

2003-08-22 Thread Charles B Cranston
Dr. Stephen Henson wrote: On Fri, Aug 22, 2003, Charles B Cranston wrote: Well, the sad answer to this question is yes. It turns out that in the design of SSL the client does the verification, so each client has its own little set of peccadillos. Indeed but if the OP means that you need a differ

Re: Newbie question - Signing CSR's

2003-08-21 Thread Charles B Cranston
Charles B Cranston wrote: So if you put the two ASCII characters 1A into a file called cacert.srl you would expect the certificate that is produced to have serial number 25 and the file to contain 1B after all the smoke has cleared. I'm sorry, that example should have been (of course) that if you

Re: Newbie question - Signing CSR's

2003-08-21 Thread Charles B Cranston
on this Rohan - Original Message - From: "Charles B Cranston" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 12:21 PM Subject: Re: Newbie question - Signing CSR's Rohan Pinto wrote: >I wrote What you need to do is: 1. create a root ce

Re: Newbie question - Signing CSR's

2003-08-20 Thread Rohan Pinto
's looking for a file cacert.srl, but I never specified this filename, any insight on this Rohan - Original Message - From: "Charles B Cranston" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 12:21 PM Subject: Re: Newbie question - Signing CSR'

Re: Newbie question - Signing CSR's (picture enclosed)

2003-08-20 Thread Dr. Stephen Henson
On Wed, Aug 20, 2003, Rohan Pinto wrote: > So... > > if the CASr has been generated > and the CSR has been sent to the CA (running openssl) > whats the command (in openssl) to sign this CSR ?? > anything on the lines of.. > > ./openssl -some parameters- request.CSR -some parameters-X

Re: Newbie question - Signing CSR's (picture enclosed)

2003-08-20 Thread Rohan Pinto
- From: "Charles B Cranston" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, August 19, 2003 12:50 PM Subject: Re: Newbie question - Signing CSR's (picture enclosed) > Sometimes a picture is worth a thousand words: > > The "Standard Model"

Re: Newbie question - Signing CSR's (picture enclosed)

2003-08-19 Thread Charles B Cranston
Sometimes a picture is worth a thousand words: The "Standard Model" of Certificate generation: On the server machine: Generate CSR operation +-+ +-+ | Private Key | | Certificate Signing Request | +--+--+ |

Re: Newbie question - Signing CSR's

2003-08-19 Thread Charles B Cranston
Rohan Pinto wrote: >I wrote What you need to do is: 1. create a root certificate 2. install that root certificate into all your web browsers 3. create a CSR on the server 4. use the root to sign that CSR into a server certificate This is the part that i would need help on. I have created a root c

Re: Newbie question - Signing CSR's

2003-08-19 Thread Dr. Stephen Henson
On Tue, Aug 19, 2003, Rohan Pinto wrote: > This is the part that I would need help on. I have created a root > certificate, I've imported that into all my web browsers and also on the > webserver. I have also created a CSR from the webserver. I don't know how to > sign the CSR If I could get s

AW: Challenge Password - Newbie question

2003-08-18 Thread Sevcik Berndt
PROTECTED] -- -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charles B Cranston Sent: Monday, 18 August 2003 18:53 To: [EMAIL PROTECTED] Subject: Re: Challenge Password - Newbie question You seem to be

Re: Challenge Password - Newbie question

2003-08-18 Thread Dr. Stephen Henson
On Mon, Aug 18, 2003, Sevcik Berndt wrote: > I am using the following script to create my certificate. > openssl req -new -keyout newreq.pem -out newreq.pem -passin > pass:1whatever -passout pass:whatever -days 365 > openssl ca -policy policy_anything -out newcert.pem -passin > pass:whatever -key

Re: Challenge Password - Newbie question

2003-08-18 Thread Charles B Cranston
You seem to be somewhat confused on several counts. I think there is a problem with your script, which I have written here in more readable format: openssl req -new -keyout newreq.pem -out newreq.pem \ -passin pass:1whatever -passout pass:whatever \ -days 365 Unless the

Challenge Password - Newbie question

2003-08-18 Thread Sevcik Berndt
I am using the following script to create my certificate. openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:1whatever -passout pass:whatever -days 365 openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensio

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-15 Thread David García Aristegui
Thank you very much for the help!!! The carriage returns (^M) appeared in the file because the browser was running in a MacOS X, there is no problem if the Netscape client is running in Linux, for example. I have made a script to delete the carriage returns (^M). But... when I try to sign the

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Charles B Cranston
Richard Levitte - VMS Whacker wrote: I see a number of embedded carriage returns (^M). Those need to be removed. Yes. My current experimental code does this, I don't believe I would have put it in if it were not necessary: } elsif ( $req=$data->{'spkac'} ) {# Netscape SPKAC # $$

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Mon, 14 Jul 2003 17:34:21 +0200, David García Aristegui <[EMAIL PROTECTED]> said: david> At first, the certreq. is david> david> more certreq.8558 david> david> commonName = Client Example david> emailAddress = [EMAIL PROTECTED] david> organizationName = Or

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread David García Aristegui
At first, the certreq. is more certreq.8558 commonName = Client Example emailAddress = [EMAIL PROTECTED] organizationName = Org organizationalUnitName = Unit localityName = Madrid stateOrProvinceName = Madrid countryName = ES SPKAC = MIICUTCCATkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIzBD

Re: Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread Charles B Cranston
What does certreq.9484 look like? Especially when decoded with the "openssl spkac" tool? David García Aristegui wrote: I'm following the CA recipe examples to do a CA setup under an AIX 5 environment. http://home.himolde.no/~kd/prosjekt/ca/ca.html openssl version 0.9.7 Browsers to test the clie

Newbie question: unable to load Netscape SPKAC structure

2003-07-14 Thread David García Aristegui
I'm following the CA recipe examples to do a CA setup under an AIX 5 environment. http://home.himolde.no/~kd/prosjekt/ca/ca.html openssl version 0.9.7 Browsers to test the client: Mozilla 1.0 or Netscape 7.01 When i try to sign the client certificate request... openssl ca -spkac certreq.9484 -

Newbie Question Re: Public Key Encryption [Please help!!]

2002-07-16 Thread J
Hi, I am trying to encrypt a session key that I created using DES_KEY_SCHEDULE. I am using RSA_public_encrypt to encrypt the session key (8 bytes) with the public key using RSA_PKCS1_OEAP_PADDING. This creates a 64byte encrypted session key. I send this to the Server on the windows machine.

Re: RSA public and private key lengths (newbie question)

2002-07-14 Thread Manish Ramesh Chablani
Hi, Thanks a lot for the reply. I have one more question. >The private key contains all the RSA key data whereas the public key >contains just the public components. So yes, this is normal. > >Cheers, >Geoff Since public key contains only the public components is it possible to encryp

Re: RSA public and private key lengths (newbie question)

2002-07-13 Thread Geoff Thorpe
Hi, On Sat, 13 Jul 2002, Manish Ramesh Chablani wrote: > Here is the snippet of my code which generates RSA key pair and then > saves the public and private keys in character buffer. However the output shows > the public key and private keys are of different sizes.. I was under the > impre

RSA public and private key lengths (newbie question)

2002-07-13 Thread Manish Ramesh Chablani
Hi, Here is the snippet of my code which generates RSA key pair and then saves the public and private keys in character buffer. However the output shows the public key and private keys are of different sizes.. I was under the impression that pub and priv keys are of same sizes.. is my

Re: Newbie question, extending life of self-signed certs beyond 30 days.

2002-07-12 Thread Pascal Chauffour
-users@Subject: Newbie question, extending life of self-signed certs beyond 30 days. opens

Newbie question, extending life of self-signed certs beyond 30 days.

2002-07-11 Thread Zac Taylor
Hi, I have a RH 7.2 system running Apache 2.0.39 and openssl-0.9.6b-8. I used the openssl utilities to create a private key and a self-signed certificate. I noticed that my browser showed the certificate having a validity of only a month, so I went to the /usr/share/ssl/openssl.cnf file and changed

Newbie Question: Java, SOAP and SSL

2002-05-10 Thread Greg Zoller
Hello... Is there a cookbook for Java-->OpenSSL available for the SSL newbie? I'm trying to connect a Java server (GLUE SOAP server) that I've SSL-enabled by using keytool to generate a certification file. I've used the following command to do that: keytool -genkey -alias test -keyalg rsa -key

Re: newbie question on OCSP

2002-03-10 Thread Dr S N Henson
Issac Goldstand wrote: > > OK... I think I get it... Now, the openssl site mentions an ocsp > command for openssl, which I would assume would enable it to launch an > ocsp response server. Firstly, I have openssl-0.9.6c-engine, and yet > cannot find ocsp by me? Is it part of the planned 0.9.7

re: newbie question on OCSP

2002-03-10 Thread Issac Goldstand
OK... I think I get it... Now, the openssl site mentions an ocsp command for openssl, which I would assume would enable it to launch an ocsp response server. Firstly, I have openssl-0.9.6c-engine, and yet cannot find ocsp by me? Is it part of the planned 0.9.7? If so, is there a stable-lo

Re: newbie question on OCSP

2002-03-08 Thread Rich Salz
Rich Salz wrote: > An org might consider its CRL private info ("ooh look, Fred must > have gotten fired") In private email, I was prompted to explain this better. The issue is not when ONE cert is revoked, but when a large number, and you can make guesses about the number range. For exa

Re: newbie question on OCSP

2002-03-08 Thread Rich Salz
There are other differences: CRL's can be big An org might consider its CRL private info ("ooh look, Fred must have gotten fired") It's hard to *prove* you consulted a CRL; for OCSP use a hash of your "real" document as the nonce, and save the response. An OCSP re

Re: newbie question on OCSP

2002-03-07 Thread Chandu
is my understanding of the OCSP protocol. I hope this helps... Regards Suram - Original Message - From: Issac Goldstand <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 08, 2002 1:17 AM Subject: newbie question on OCSP Can someone please help a poor newbie understand

newbie question on OCSP

2002-03-07 Thread Issac Goldstand
Can someone please help a poor newbie understand exactly what this is for and how it's used? I've tried looking at the documentation, but I feel like I'm drowning, probably because I'm trying to understand the details, but not quite getting the simple stuff,.. Thanks in advance, Issac

Re: newbie question

2002-02-17 Thread Eric Rescorla
"Anderson Farias" <[EMAIL PROTECTED]> writes: > I'm a software developer that uses Interbase as my backend > database. I have no expertise/knowledge on SSL and fewer on TCP/IP > and networking. > > I was discussing at an Interbase newsgroups about the easy to break > encryption of Interbase usernam

RE: newbie question

2002-02-17 Thread Pascal @ work
e on Linuxdoc, etc. that help with key concepts I've used SSL to secure our VPN, and it works great. Pascal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Anderson Farias Sent: Sunday, 17 February 2002 12:07 p.m. To: [EMAIL PROTECTED] Subject: newbi

newbie question

2002-02-17 Thread Anderson Farias
Hi, I'm a software developer that uses Interbase as my backend database. I have no expertise/knowledge on SSL and fewer on TCP/IP and networking. I was discussing at an Interbase newsgroups about the easy to break encryption of Interbase username/password over the net during connection (cl
