Re: query related to openssl certificate generation of Ed X25519, X448

2019-06-06 Thread Billy Brumley
I think the error messages are pretty clear in these cases. Trying to set a hash with (standardized) EdDSA is not going to go well for you. Have you tried this very nice walkthrough? https://tools.ietf.org/html/draft-moskowitz-eddsa-pki-00 BBB On Thu, Jun 6, 2019 at 9:47 AM Sowmya P wrote: > >

query related to openssl certificate generation of Ed X25519,X448

2019-06-05 Thread Sowmya P
Hi, Have query regarding generation of X25519 and X448 certificate chain. Below is the script which I used to generate certificate chain of ECDSA type. https://github.com/raja-ashok/sample_certificates/blob/master/ECC_Prime256_Certs/gen_ecc_cert.sh Now for generating EdDSA certificate chain I am

[openssl-users] OpenSSL Certificate Cross Signing

2017-03-15 Thread Moritz Wirth
Good Evening all, I have 2 Root Certificate Authorities which I want to use to cross sign an intermediate certificate. I created a certificate request and signed it with both CAs. I issued an end user certificate with the intermediate CA and added both intermediate CA Certificates (the one from

RE: Clarification for renewing OPENSSL certificate

2014-02-10 Thread Dave Thompson
l.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jake anderson Sent: Thursday, February 06, 2014 04:48 To: openssl-users@openssl.org Subject: *** Spam *** Clarification for renewing OPENSSL certificate

Renewing a OPENSSL certificate

2014-02-08 Thread Jake anderson
Hello Users, I am looking for help to renew an expired OPENSSL certificate, where I am using this file in our mainframe. The file extension are .cer,rdb,sth are the current expired file extension. Could someone please shed light on the above Jake

Clarification for renewing OPENSSL certificate

2014-02-06 Thread Jake anderson
Hello, One of our OPEN SSL keyring is expired. error 18 at 0 depth lookup:self signed certificate error 10 at 0 depth lookup:Certificate has expired OK currently our key locations has the below files : ctscert,ctscert.cer,ctscert.rdb,ctscert.sth So We have been using ctscert as the HFS keyring

RE: subject field issue in openssl certificate

2012-12-16 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Indtiny s >Sent: Sunday, 16 December, 2012 11:04 This is not a -dev question. > I am using root certificate which is there in DER format at client , >to verify the peer . >When I execute my cCURL client code I get the below error . >223: SSL

Re: Upgrading the key size in OpenSSL certificate

2010-11-09 Thread Victor Duchovni
On Tue, Nov 09, 2010 at 01:31:40PM -0500, josh kirbey wrote: > Thanks Viktor for your quick response. Even I am contesting the unnecessary > usage of 3072 bit sized key. > > Surprisingly, in the given scenario, if I write this line of code before > modifying the certificate it works like a charm.

Re: Upgrading the key size in OpenSSL certificate

2010-11-09 Thread josh kirbey
Thanks Viktor for your quick response. Even I am contesting the unnecessary usage of 3072 bit sized key. Surprisingly, in the given scenario, if I write this line of code before modifying the certificate it works like a charm. pkcs7 = PKCS7_dup(pkcs7); Below is the flow of APIs 1) pkcs7 = PKCS7_d

Re: Upgrading the key size in OpenSSL certificate

2010-11-09 Thread Victor Duchovni
On Tue, Nov 09, 2010 at 11:42:14AM -0500, josh kirbey wrote: > Hi All, > > We are required to upgrade the sizes of private/public key pairs to 3072 > bits from 1024 bits. Welcome to bureaucratic insanity. There is no rational basis for this requirement. Even 2048 bits is excessively conservative

Upgrading the key size in OpenSSL certificate

2010-11-09 Thread josh kirbey
Hi All, We are required to upgrade the sizes of private/public key pairs to 3072 bits from 1024 bits. We have two main data structures, X509Stack and PKCS7. We fill these two structures at the initialization by reading the PEM files on disk. During the upgrade process, I pick the X509stack and pi

Re: Openssl certificate date issue

2010-10-13 Thread Wim Lewis
On 12 Oct 2010, at 11:48 PM, Vinay Kumar L wrote: > I am trying to generate certificate which is valid for 20years. As the > 20years crosses unix end time(January 19, 2038 03:14:07 GMT) from the current > date, openssl certificate generated will have wrong dates My understanding is

Re: Openssl certificate date issue

2010-10-13 Thread Dr. Stephen Henson
On Wed, Oct 13, 2010, Vinay Kumar L wrote: > Hi all, > > I am trying to generate certificate which is valid for 20years. As the > 20years crosses unix end time(January 19, 2038 03:14:07 GMT) from the > current date, openssl certificate generated will have wrong dates(Not > be

Openssl certificate date issue

2010-10-13 Thread Vinay Kumar L
Hi all, I am trying to generate certificate which is valid for 20years. As the 20years crosses unix end time(January 19, 2038 03:14:07 GMT) from the current date, openssl certificate generated will have wrong dates(Not before and not after times) in certificate as follows: *Validity

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-21 Thread Jakob Bohm
Sorry for this late reply, I have been otherwise busy for some time. Yes, I did this via Server 2008 R2. What I actually did was to add the certificate via Group policy, so it was automatically propagated to the trusted CA store on all computers in the domain (including Windows 2000/XP/2003/Vist

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Mohan Radhakrishnan
Hi, Have a question. Is this the Windows native store for CA certificates ? Which MS help doc. are you referring ? We want a secure storage facility for all our certificates but we don't to buy a separate product. Thanks, Mohan On Wed, Sep 8, 2010 at 5:10 AM, Dongsheng Song wrote: > Are

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Dongsheng Song
Are you test with 2008/win7 ? My self-signed certificate can automatically goto 'Trusted Root Certification Authorities' on XP/2k3 box, but not 2008 box. If the answer is 'YES', could you share the configuration ? Because I compared my self-signed certificate with microsoft 2010 ROOT CA, no valu

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Jakob Bohm
On 07-09-2010 09:59, Dongsheng Song wrote: Hi, When I install my self-signed certificate to 'Certificate Store' of Windows 2008, if I select 'Automatically select the certificate store based on the type of certificate', then the self-signed certificate will be in the 'Intermediate Certification

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Sam Jantz
Dongsheng, One solution is to manually specify the location to install the certificate. This will pop up a dialog box with a list of all the certificate stores that are available, and from here you can select Trusted Root Certificate. As far as tweaking your certificate so that it looks like a

Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Dongsheng Song
Hi, When I install my self-signed certificate to 'Certificate Store' of Windows 2008, if I select 'Automatically select the certificate store based on the type of certificate', then the self-signed certificate will be in the 'Intermediate Certification Authorities', not 'Trusted Root Certification

Openssl certificate and key management

2010-07-30 Thread tushar ganguli
Hi, I wanted to understand whether openssl supports certificate and key storage and management? Is there any way in openssl which would help me to store private/ encrypted private keys in openssl store? I was able to find methods for storing and accessing certificate store in the SSL protocol. Also

problem with security warning using openssl certificate

2009-02-19 Thread shalin mishra
Hi… I'm trying to create a digital signature and verify it. I created a private-public key pair of 2048 bits using openssl (version openssl-0.9.8h-1-doc). I used genrsa command of openssl to generate a key pair. Then I used that key pair to generate a self signed certificate of .crt format for my u

OpenSSL Certificate Verification Error

2008-09-26 Thread Sugandh Rakha
Hi People, I am using a trusted-roots file with Digital Certificates for various servers. But I am unable to connect to one of these servers. The error I see is: X509_V_ERR_CERT_UNTRUSTED Any ideas on what could be wrong? regards, Sugandh

Re: Help required on Openssl Certificate isssue

2008-07-30 Thread Loren M. Lang
to check the system certificate store automatically, you have to specify -CApath to it. However, programs that automatically use the openssl certificate store such as wget, mutt, subversion, should be working correctly. [EMAIL PROTECTED] HPCBP]# openssl s_client -connect blrm188.hpccluster

Re: Help required on Openssl Certificate isssue

2008-07-29 Thread Patrick Patterson
Hi Sachin: On July 29, 2008 09:53:47 am Sachin Puttur wrote: > Hi, > The Self signed Certificate is created in Windows server 2008 as given > below. We have created the certificate file hpcpb.cer. > > Then we will follow below steps in linux machine. > > 1) openssl x509 -in test.cer -i

Help required on Openssl Certificate isssue

2008-07-29 Thread Sachin Puttur
Hi, The Self signed Certificate is created in Windows server 2008 as given below. We have created the certificate file hpcpb.cer. Then we will follow below steps in linux machine. 1) openssl x509 -in test.cer -inform d -out hpcbp.pem 2) cp hpcbp.pem /usr/share/ssl/certs/

Re: How to create openssl certificate by using only single commands

2008-01-09 Thread Paul Surgeon
On Jan 4, 2008 7:19 AM, Tran Son wrote: > Hi all. > Whenever i create certificates using openssl i have to type my pass phrase > and something else. Now how can i create certificate just using single > commands with the pass phrase, country... in the parameter list so i dont > have to type them sep

Re: How to create openssl certificate by using only single commands

2008-01-07 Thread rfx
I think you can use : -passin pass:"yourpass" ... Dr Franck ROUSSIA Tran Son wrote: Hi all. Whenever i create certificates using openssl i have to type my pass phrase and something else. Now how can i create certificate just using single commands with the pass phrase, country... in the par

How to create openssl certificate by using only single commands

2008-01-07 Thread Tran Son
Hi all. Whenever i create certificates using openssl i have to type my pass phrase and something else. Now how can i create certificate just using single commands with the pass phrase, country... in the parameter list so i dont have to type them separately. I tried some command such as -passin o

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, Is it possible to give answer of "Sign the certificate? [y/n]:"question to openssl command with some parameters? I prefer "y" option. Does openssl accepts "y" option with the following command by default? openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem -infiles new-req

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, > Is it possible to give answer of "Sign the certificate? > [y/n]:"question to openssl command with some parameters? I prefer "y" > option. > > Does openssl accepts "y" option with the following command by default? > > openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem >

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, > I solved the problem. I used "-batch" parameter with openssl with the > following command. Now I wonder what is the answers of the questions > (Sign the certificate? [y/n]:"). How can I learn which option [y/n] > (yes/no) is used? In OpenSSL source file apps/ca.c look at 'batch' variable,

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, I solved the problem. I used "-batch" parameter with openssl with the following command. Now I wonder what is the answers of the questions (Sign the certificate? [y/n]:"). How can I learn which option [y/n] (yes/no) is used? openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.p

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, I tried the following command. But this command asks some questions ( for instance it asks me "Sign the certificate? [y/n]:" question) and waits for answer from me. I want to answer this questions with openssl command automatically. Is this possible? # openssl ca -key 123456 -config open

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, > When I run the following command, it doesn't ask me question about > signing. But I have to press enter button two times. I want to press > only once to enter button. This command creates empty new-cert.pem > file and it does not add information to demoCA/index.txt file. Is the > followin

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, When I run the following command, it doesn't ask me question about signing. But I have to press enter button two times. I want to press only once to enter button. This command creates empty new-cert.pem file and it does not add information to demoCA/index.txt file. Is the following command

Re: Adding OpenSSL certificate user data with parameters

2007-09-18 Thread Kadir
Hi, When I run the following command password has not been asked, but 2 confirmation appeared which are like following. Is it possible to give "y" value in openssl parameter. openssl ca -key 123456 -config openssl.cnf -out new-cert3.pem -infiles new-req3.pem Sign the certificate? [y/n]:y 1

Re: Adding OpenSSL certificate user data with parameters

2007-09-18 Thread Marek Marcola
Hello, > When I run the following command password has not been asked, but 2 > confirmation appeared which are like following. Is it possible to give > "y" value in openssl parameter. > > openssl ca -key 123456 -config openssl.cnf -out new-cert3.pem -infiles > new-req3.pem > > Sign the certific

Re: Adding OpenSSL certificate user data with parameters

2007-09-18 Thread Marek Marcola
Hello, > Thanks for your helps. Now I can define country, state, email etc with -subj > parameter. When I try to create a new certificate with my "request > certificate file" in command prompt password of the cakey.pem has been asked > like following example. Are there any parameter to add this pass

Re: Adding OpenSSL certificate user data with parameters

2007-09-18 Thread qkadir
-subj > "/C=TR/ST=KOCAELI/L=GEBZE/O=TUBITAK-UEKEAE/OU=OpenTC/CN=Kadir/[EMAIL > PROTECTED]/" > > Best regards, > -- > Marek Marcola <[EMAIL PROTECTED]> > > __ > OpenSSL Project

Re: Adding OpenSSL certificate user data with parameters

2007-09-18 Thread Marek Marcola
On Tue, 2007-09-18 at 06:00 -0700, qkadir wrote: > Hi, > > I use the following command to create a certificate request. > > openssl req -new -nodes -out new-req.pem -keyout new-key.pem > > But this command demands country, state, organization name, email etc. > information from command line like

Adding OpenSSL certificate user data with parameters

2007-09-18 Thread Kadir
Hi, I use the following command to create a certificate request. openssl req -new -nodes -out new-req.pem -keyout new-key.pem But this command demands country, state, organization name, email etc. information from command line like the following example. I don't want to enter country, state,

Adding OpenSSL certificate user data with parameters

2007-09-18 Thread qkadir
ent with your certificate request A challenge password []:test An optional company name []:uekae Sincerely, Kadir. -- View this message in context: http://www.nabble.com/Adding-OpenSSL-certificate-user-data-with-parameters-tf4474210.html#a12756558 Sent from the Open

openssl certificate verification question

2007-08-16 Thread Jason Proctor
dear list, i'm having a real adventure trying to get gsoap & openssl to behave consistently and i would appreciate some pointers before i run out of hair completely. i'm on MacOS X 10.4.9 but i shifted over to Linux Fedora Core 2 because debugging on the Mac is impossible thanks to the linke

Re: Fetchmail cannot use openssl certificate

2006-12-31 Thread Dr. Stephen Henson
On Sun, Dec 31, 2006, M. Fioretti wrote: > On Sun, Dec 31, 2006 00:59:54 AM +0100, Dr. Stephen Henson > ([EMAIL PROTECTED]) wrote: > > > > Well the error you are getting is because the certificate > > verification failed. One reason could be because the certs dir > > isn't set up properly > >

Re: Fetchmail cannot use openssl certificate

2006-12-31 Thread M. Fioretti
On Sun, Dec 31, 2006 00:59:54 AM +0100, Dr. Stephen Henson ([EMAIL PROTECTED]) wrote: > Well the error you are getting is because the certificate > verification failed. One reason could be because the certs dir > isn't set up properly Sorry, what do you mean by "set up properly"? Some specific

Re: Fetchmail cannot use openssl certificate

2006-12-30 Thread Dr. Stephen Henson
On Sun, Dec 31, 2006, M. Fioretti wrote: > On Sat, Dec 30, 2006 22:41:46 PM +0100, Dr. Stephen Henson ([EMAIL > PROTECTED]) wrote: > > > > Does the my_certs directory contain the above server certificate and > > have you done c_rehash on it? > > er... yes. That's what I wrote in my original me

Re: Fetchmail cannot use openssl certificate

2006-12-30 Thread M. Fioretti
On Sat, Dec 30, 2006 22:41:46 PM +0100, Dr. Stephen Henson ([EMAIL PROTECTED]) wrote: > Does the my_certs directory contain the above server certificate and > have you done c_rehash on it? er... yes. That's what I wrote in my original message. At least, I followed some the instructions in the w

Re: Fetchmail cannot use openssl certificate

2006-12-30 Thread Dr. Stephen Henson
On Sat, Dec 30, 2006, M. Fioretti wrote: > Hello, > > On a Centos 4.4 server I have generated a self signed certificate > following exactly the procedure at > http://wanderingbarque.com/howtos/mailserver/mailserver.html > > That certificate works perfectly with Apache. Thanks to it I can now > a

Fetchmail cannot use openssl certificate

2006-12-30 Thread M. Fioretti
Hello, On a Centos 4.4 server I have generated a self signed certificate following exactly the procedure at http://wanderingbarque.com/howtos/mailserver/mailserver.html That certificate works perfectly with Apache. Thanks to it I can now access my web pages on that server in https mode. But the s

OpenSSL Certificate for Adobe PDF

2005-09-12 Thread Vipul Mistry
Dear List, I want to use Adobe Acrobat Certificate Security to encrypt PDF files with OpenSSL Certificate, Please suggest me which type of certificate I need to create which allow me to encrypt PDF file, Openssl Version -- 0.9.7e 25 oct 2004 Best Regards Vipul

Re: Some OpenSSL certificate and key questions

2004-11-03 Thread Charles B Cranston
e enabled for this authentication to occur. I am not sure whether Case 1 is more appropriate for my task or case 2. Please, do let me know of your comments and any way out of this situation. Thanks, Bilal From: Charles B Cranston <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTEC

Re: Some OpenSSL certificate and key questions

2004-11-03 Thread Bilal Shahid
case 2. Please, do let me know of your comments and any way out of this situation. Thanks, Bilal From: Charles B Cranston <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Some OpenSSL certificate and key questions Date: Tue, 02 Nov 2004 09:10:22 -0500 You should p

Re: Some OpenSSL certificate and key questions

2004-11-02 Thread Charles B Cranston
You should probably read chapter 4 of RFC 3280 http://www.ietf.org/rfc/rfc3280 particularly 4.2.1.3 Key Usage and 4.2.1.13 Extended Key Usage Also the text file openssl.txt in the doc directory of the openssl distribution. I don't use CA (I use x509 instead) so maybe that has something to do with t

Some OpenSSL certificate and key questions

2004-11-01 Thread Bilal Shahid
Hi, I am a newbie at using openssl and facing numerous problems right now. I am using OpenSSL, FreeRADIUS Server and a DOT1X Supplicant. Basically trying to get the Supplicant to authenticate to the FreeRADIUS Server using EAP-TLS. I used a script (CA.All) to generate the three certificates for

import of openssl-certificate into keystore

2001-04-11 Thread Michael Wilimsky
hello... maybe someone had this problem before... if i generate a selfcerted key by keytool -genkey -alias myKEY -keyalg RSA create a certrequest by keytool -certreq -alias myKEY -file REQ.pem sign it by openssl -ca -in REQ.pem -out CERT.pem try to import it into key

OpenSSL Certificate

2001-02-19 Thread Riadh KHALFALLAH
Hi folks, I have successfully installed and experimented with the open SSL package on our local Solaris machine. I managed to generate a self-signed certificate using the 'openssl req -new ...' command. You find in attach of this mail certreq.pkc file in order to sign a certificate using the exp

OpenSSL certificate

2001-02-09 Thread Riadh KHALFALLAH
Hi folks, I have successfully installed and experimented with the open SSL package on our local Solaris machine. I managed to generate a self-signed certificate using the 'openssl req -new ...' command. You find in attach of this mail certreq.pkc file in order to sign a certificate using the exp

OpenSSL certificate and CA management in STB

2001-01-07 Thread Sella, Yaron
Hi, This is an 'under-the-hood' type question for people familiar with SSL internals. We would like to use the OpenSSL library inside a Set-Top-Box (STB). Unlike a normal computer, a STB has no standard browser (MS Explorer, Netscape Navigator), no command line, and no proper file system (as the