On Sat, Mar 09, 2013 at 11:04:06AM -0600, Ian Pilcher wrote:
> It's becoming pretty clear that OpenSSL doesn't provide a simple way to
> do this today. (X509_V_FLAG_PARTIAL_CHAIN will probably enable this,
> but it will be years before that makes its way into slower moving
> distributions.)
>
>
On 03/09/2013 10:40 AM, Kyle Hamilton wrote:
> Create a new self-signed client CA certificate with the same key and
> Subject, setting the Issuer to the Subject of the client CA, and signed
> with the client CA private key. Use this as your client-authentication
> "root".
Well yes. I know I coul
Create a new self-signed client CA certificate with the same key and
Subject, setting the Issuer to the Subject of the client CA, and signed
with the client CA private key. Use this as your client-authentication
"root".
Alternatively, you might play around with policies, but that relies on your
h
milar.
---
From: Dave Thompson
Sent: Thursday, June 07, 2012 5:43 AM
To: openssl-users@openssl.org
Cc: 'Alexander Kirschner'
Subject: RE: trust chain building for X509_verify_cert
From: owner-openssl-us...@openssl.org On Behalf Of Arth
>From: owner-openssl-us...@openssl.org On Behalf Of Arthur Spitzer
>Sent: Tuesday, 05 June, 2012 04:48
>I need to verify a X.509 certificate against a self-signed X.509 CA,
>both certificates are in PEM-format. Doing this on the command line
>works so far:
>Right now I am working on a small pie
Arthur Spitzer
writes:
[...]
> The problem is: The verification always fails with error code 7
> (“signature invalid”). I already tried three different attempts
> (documented in the attached cpp file) to build the trust chain, with
> the same result.
>
> The relevant source code (certificates as
Hi, Arthur.
The verification always fails because OpenSSL can’t find the digest algorithm. You (as I just now) forgot about OpenSSL
initialization. You must add the following code at the beginning of the main function:
//SSLeay library init (libcrypto)
ERR_load_crypto_strings();
OpenSSL_add_all_algorithms();
On Fri, Jan 14, 2011 at 8:03 AM, Dave Thompson wrote:
> > From: owner-openssl-us...@openssl.org On Behalf Of Karthik Ravikanti
> > Sent: Thursday, 13 January, 2011 05:12
>
> > Thanks a LOT for the detailed reply. I was more interested in the
> > SSL connection part. Please find
> From: owner-openssl-us...@openssl.org On Behalf Of Karthik Ravikanti
> Sent: Thursday, 13 January, 2011 05:12
> Thanks a LOT for the detailed reply. I was more interested in the
> SSL connection part. Please find my responses inline. Just to add some
> context, I'm trying to
Thanks a LOT for the detailed reply. I was more interested in the SSL
connection part. Please find my responses inline. Just to add some context,
I'm trying to implement SSL sockets on the iPhone and am just using Java as
a reference.
On Wed, Jan 12, 2011 at 9:47 AM, Dave Thompson wrote:
> >
Oops, I already asked this on the list... I forgot to check the reply.
Please ignore.
On Thu, Jan 13, 2011 at 3:16 PM, Karthik Ravikanti <
karthik.ravika...@gmail.com> wrote:
> Hi,
>
> Is there any trust store and key store API in OpenSSL? I did find a few
> functions of type X509_TRUST_* in the
> From: owner-openssl-us...@openssl.org On Behalf Of Karthik Ravikanti
> Sent: Tuesday, 11 January, 2011 00:44
> Does OpenSSL provide any API for managing a trust store and a key
> store like Java?
Not in the same way at least.
OpenSSL most easily uses certs and keys (and related
On Fri, Dec 10, 2010, Ashok Kumar wrote:
> Hi All,
>
> I am not getting success to find the trust store location for CA
> root/intermediate certificates in Netscape Browser 4.79 (pretty old). Any
> one can please help me where it could be located so that I can update my
> CA's root/intermediate
On Tue, Nov 02, 2010, Michael Ströder wrote:
> Michael Ströder wrote:
> > man 1ssl verify says:
> >
> > "The third operation is to check the trust settings on the root CA. The root
> > CA should be trusted for the supplied purpose. For compatibility with
> > previous
> > versions of SSLeay and Op
Michael Ströder wrote:
> man 1ssl verify says:
>
> "The third operation is to check the trust settings on the root CA. The root
> CA should be trusted for the supplied purpose. For compatibility with previous
> versions of SSLeay and OpenSSL a certificate with no trust settings is
> considered to
Hi,
I've just run into the exact same problem. There's a quick solution to
this that I had to run before the import.
# openssl x509 -in cacert.pem -out cacert.crt
You can see this solution on
http://www.tldp.org/HOWTO/SSL-Certificates-HOWTO/x120.html
Regards - Steve Harris
Neff Robert A wr
Steve,
Actually, you will be further ahead using your self-signed certificate
and private key to sign additional certificates that you create using
OpenSSL for your servers. Then, simply import that self-signed CA
certificate that corresponds to the private key you used to sign the
server certifi