On Tue, Jun 1, 2021 at 11:15 AM Selva Nair wrote:
>
> Hi Piotr,
>
> On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz
> wrote:
>>
>> Hi,
>> i have managed to find the engine method static EVP_PKEY
>> *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method,
>> void *callback_data) i
Hi Piotr,
On Tue, Jun 1, 2021 at 10:57 AM Piotr Lobacz
wrote:
> Hi,
> i have managed to find the engine method static EVP_PKEY
> *load_privkey(ENGINE *engine, const char *s_key_id, UI_METHOD *ui_method,
> void *callback_data) in libp11 package. I have also made a printf callback
> and i see the
Hi,
On Fri, May 28, 2021 at 1:44 PM Piotr Lobacz wrote:
>
> Ok, i have found out that dotnet OpenSsl library has it's own code for
> verification is key private. For this it needs the whole data of private key
> from which this method:
>
> static int HasNoPrivateKey(RSA* rsa)
>
> which is in .
to:openssl-users@openssl.org>>
Temat: RE: CSR generation using pkcs11 token engine from C# code
I wrote this script years ago when I switched to Godaddy 10 site certificates.
I don't use it from C# You could easily put it into C# or PHP. < >
would be variables at the to
I wrote this script years ago when I switched to Godaddy 10 site certificates.
I don't use it from C# You could easily put it into C# or PHP. < >
would be variables at the top. I have it filled in so I just modify the
alt_names. I just cut and paste the all of it into Ubuntu and run
You are right. Cannot create a certificate with CSR containing only public
key.
Thanks for the explanation.
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
Hey,
Try calculating the private Key from the public key ;-)
but this can last a little time you don't have;
Walter
On Thu, September 12, 2019 09:50, Bharathi Prasad wrote:
> Hi,
> I have the public key of the client but not the private key.
> ...
>
> Regards,
> Bharathi
Hi,
Thanks for the prompt replies. I agree signature from private key should be
present in a CSR. However, as per RFC 2511, Proof Of Possession is optional
though it strongly recommends to have it.
I was able to create the CSR with only public key. I was unintentionally
adding an extra line at th
On Thu, Sep 12, 2019 at 12:50:23AM -0700, Bharathi Prasad wrote:
> I have the public key of the client but not the private key. I am required
> to generate a CSR with only public key. I understand private key is required
> for Proof of Possession. However, as per my requirement I am supposed to
>
>I used CX509CertificateRequestCertificate class to create CSR with only
public key.
Those functions/classes/names/whatever are not part of OpenSSL.
The OpenSSL "req" command cannot process as CSR unless it is signed by the
private key. If you have a requirement to sign a CSR w
If a CA signs a certificate without proof of possession of the private key,
the CA is enabling whoever does have that private key to look as though
they are the one who they sign the certificate for (i.e., impersonation).
The entire structure of PKI (the binding of the public half of a keypair to
s
n.
>
> Regards
> Francesco Petruzzi
>
> Da: openssl-users [mailto:openssl-users-boun...@openssl.org
> <mailto:openssl-users-boun...@openssl.org>] Per conto di Paul Yang via
> openssl-users
> Inviato: giovedì 12 settembre 2019 09:51
> A: Bharathi Prasad
> Cc
I used CX509CertificateRequestCertificate class to create CSR with only
public key.
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
How could you create the CSR with only public key?
> On Sep 12, 2019, at 3:50 PM, Bharathi Prasad
> wrote:
>
> Hi,
> I have the public key of the client but not the private key. I am required
> to generate a CSR with only public key. I understand private key is required
> for Proof of Possessio
: Friday, October 04, 2013 08:17
To: openssl-users@openssl.org
Subject: *** Spam *** Re: CSR from old certificate and signing it using new
private key
Hello Dave,
Please see inline.
Assuming by "get it signed" you mean signing the CSR, not getting a cert
issued from the CSR whic
Hello Dave,
Please see inline.
Assuming by “get it signed” you mean signing the CSR, not getting a cert
issued from the CSR which many people wrongly think is “signing the CSR”:
yes OpenSSL has APIs for both X509 (cert) and X509_REQ.
[Kamalraj] If you don’t mind, can you share those APIs
You ca
Assuming by "get it signed" you mean signing the CSR, not getting a cert
issued
from the CSR which many people wrongly think is "signing the CSR":
yes OpenSSL has APIs for both X509 (cert) and X509_REQ.
You can read in a cert (PEM or DER), extract fields/extensions from it as
desired
and
On Wed, Sep 01, 2010, monojit.da...@cognizant.com wrote:
>
> Hi,
>
> How can I generate CSR programmatically using OpenSSL APIs; not using the
> openssl tool?
> Can I you plz. provide me with the API name or some sample code to do this?
>
Look in demos/x509/mkreq.c
Steve.
--
Dr Stephen N. He
fhd...@unm.edu wrote:
Hello,
Is there any reason why one needs to protect CSR (e.g. encrypting it)
from public view?
Can't think of one myself...
I was under impression that is the key that needs
to be protected not the CSR?
That's correct.
Thank you,
Farid
you're welcome.
lh..
Com
The private key is what needs to be protected. The CSR contains
information that you may consider proprietary, but the only *really*
important piece of it is the public key, which is going to be in the
issued certificate anyway.
-Kyle H
On Tue, Mar 31, 2009 at 1:15 PM, wrote:
>
> Hello,
>
> Is
Hi Jacob.
Yes, you can generate a CSR from any computer. :-)
Please tell us the exact OpenSSL commands you used to generate the CSR and
keypair. I cannot reproduce the problem.
Thanks.
On Friday 26 September 2008 01:24:59 JacobLovell wrote:
> Hi Rob - thankyou for the reply!
>
> When I do th
Hi Rob - thankyou for the reply!
When I do the same I get this: (it says verify failure) but nothing. Btw not
sure if this helps but i am using the correct private key from my knowledge.
I have followed the directions word by word from the comodo site. Sorry for
my ignorance, but can I just gener
Jacob, try putting that CSR thru "openssl req -text -noout -verify".
For me, that command reports...
verify failure
7046:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is
not 01:rsa_pk1.c:100:
7046:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rs
On Wed, Dec 06, 2006, Stuart Gall wrote:
> Found the problem
> There was prompt=no in the cnf file.
>
> Dont see why that should complain though.
>
The reason for that is that the DN section needs to be formatted appropriately
if prompt=no is set. That uses the more natural style of:
dn_compon
Found the problem
There was prompt=no in the cnf file.
Dont see why that should complain though.
On 6 Dec 2006, at 14:41, Stuart Gall wrote:
Hello,
I have the following problem
openssl req -config client.cnf -new -key ClientCerts/stuart.key -
out ClientCerts/stuart.csr
Enter pass phrase fo
> Likely you are already in a Perl script? What about copying a
> template config to a scratch file, making appropriate substitutions
> from the form data? Or if your form processor isn't a convenient
> place to do this, you could fork a command that pipes the template
> through e.g. sed.
Actua
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, 9 Jun 2006 [EMAIL PROTECTED] wrote:
> I need to generate a CSR without prompting the user (I am getting the
> info from an HTML form).
Likely you are already in a Perl script? What about copying a template
config to a scratch file, making app
On 9 Jun 2006 Dr. Stephen Henson wrote:
> > - If not, is there some documentation on the minimum information
> > needed in the config file to create a CSR, so that I can create a
> > basic one rather than replicating every field in the default file?
>
> http://www.openssl.org/docs/ap
On 9 Jun 2006 Richard Salz wrote:
> > - Am I correct that the only way to do this is to put the various
> > values into openssl.cfg? Or is there a way to pass them on the
> > command line?
>
> You can use the ENV:: construct to read them from the environment.
Thanks. Good to know b
> - Am I correct that the only way to do this is to put the various
> values into openssl.cfg? Or is there a way to pass them on the
> command line?
You can use the ENV:: construct to read them from the environment.
> - If I have to use the config file, is there any way to speci
>I'm attaching a shar file file of the scripts I've used a couple of
times.
It would help to acdtually do the attachment...
/r$
--
SOA Appliances
Application Integration Middleware
scripts.shar
Description: Binary data
On Fri, Jun 09, 2006, [EMAIL PROTECTED] wrote:
>
> - If not, is there some documentation on the minimum information
> needed in the config file to create a CSR, so that I can create a
> basic one rather than replicating every field in the default file?
>
Yes:
http://www.openssl.or
Hello!
Thank you for your helping.
Anyone changed "openssl.cnf" file...
(I can't believe that!)
Anyway, I did it!
Many thanks!
Hi,
>I used following command:
>"openssl req -new -key key2006.pem -out csr.pem".
>
>
>But I can't input State or Province Name &Locality Name.
>
>
>I checked the
Hi,
>I used following command:
>"openssl req -new -key key2006.pem -out csr.pem".
>
>
>But I can't input State or Province Name &Locality Name.
>
>
>I checked the CSR file using "openssl req -noout -text -in
>csr.pem".
>But I couldn't find State or Province Name &Locality Name in this file.
>So I
Thank you Richard for a quick response,
Richard Levitte wrote:
> Arsen Hayrapetyan writes:
>
>> Hello all,
>> I have a question that comes from a real-life situation.
>> Suppose you have a CA that signed a CSR and prodused a certificate for
>> some user.
>> After sometime the CA revokes that cert
Arsen Hayrapetyan writes:
Hello all,
I have a question that comes from a real-life situation.
Suppose you have a CA that signed a CSR and prodused a certificate for
some user.
After sometime the CA revokes that certificate. Then that user sends to
a CA a new CSR.
The policy of the CA does not pe
On Fri, Oct 22, 2004, Dan O'Brien wrote:
>
> Hi,
>
> We're having some trouble generating a public.csr, so that we can
> install an SSL Certificate on our web server. Verisign has no
> suggestions. We've googled the error below with no results. Anyone have
> any ideas?
>
> Here's the command
Hi Tyler, thanks for the response. We're trying to generate a
certificate request so that we can get a new certificate.
Any ideas?
On Oct 26, 2004, at 7:04 AM, Tyler Durden wrote:
Sorry, I know a lot, but what do you want to get?, A certificate or a
certificate request, because that I think that
Sorry, I know a lot, but what do you want to get?, A certificate or a
certificate request, because that I think that this command (openssl
req) genrates a certificate request.
On Fri, 22 Oct 2004 11:53:44 -0400, Dan O'Brien <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> We're having some trouble generat
[EMAIL PROTECTED]
> Sent: October 21, 2004 04:30
> To: [EMAIL PROTECTED]
> Subject: Re: csr for windows server
>
> no its not there i dont think.
> basically what is happening is that im programming an
> interface to Active directory and one of the features is a
> change p
"openssl req -new -key server.key -out server.csr" should do the job.
server.key is your server's private key file. If you do not have one
yet, use "openssl genrsa -out server.key 1024" to generate a 1024 bit
RSA key.
- Jörn
Ronan wrote:
no its not there i dont think.
basically what is happeni
no its not there i dont think.
basically what is happening is that im programming an interface to
Active directory and one of the features is a change password option.
this can only be done obviously over ssl. This is why i need the
certificate generaed so i can sign it with our root CA.
I need
Hi,
http://www.thawte.com/support/keygen/
There's a menu in the right, select your server type.
Juan Angel Martin Gomez
AC Camerfirma
Tel. +34 920252750 Fax +34 920252732
http://www.camerfirma.com
> -Mensaje original-
> De: [EMAIL PROTECTED] [mailto:owner-openssl-
> [EMAIL PROTECTED
Did some research with google and can answer my own question.
If a certificate is compromised (the private key is stolen, etc.) the
certificate needs to be revoked as it will remain valid till the end of it's
term.
Any administrator with access to a cert can revoke the cert. If a challenge
passwo
Randall Perry wrote:
What is the purpose of the CSR challenge password. I notice it's optional.
Is it only for the CA to verify the request?
I am also thinking how can I get the password prompting appear for the
verification of the right user?
sam
__
PKCS12 format as well:
openssl pkcs12 -export -in demoCA/cacert.pem -inkey
/demoCA/private/ca.key -out cacert.p12
· Now import these on to the client's browser (first import the
CA one).
And that's about it. Btw I used jdk 1.3.1 with JSSE 1.0.3
Cheers
Jose
--
Please ... how did you do it?
-Original Message-
From: Jose Correia (J) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 15, 2002 12:26 AM
To: [EMAIL PROTECTED]
Subject: RE: CSR / CA Issued Certificate
Hi Kevin
I have successfully used client certificate signed by my own CA using
See FAQ.
Hazel
>
> Please point me towards the documentation for the Certificate Signing
> Request for OpenSSL.
>
> Thanks
>
> -
> For every action there is an equal
> and opposite government program.
>
> http://3522508374/
> -
Tim Willis wrote:
>
> > I seem to be having some config problems with OpenSSL. When I try to
> > create a CSR, openSSL tries to use this to find the config file:
> > d:/openssl/d:/openssl/ssl/openssl.cnf
> > Where can I go to correct this obviously incorrect syntax?
> >
This is probably hard co
Hi,
openssl.cnf is in the ...\apps dir of the openssl pacakge. It
specifies default values for the various utilities that openssl.exe
comes with which can be overridden. You must specify the correct path
to that file + plus you can change
the default values in the file so that your interaction wit
I think there is an option ("-new", is it?) which causes the CSR generating
utility to read the responses from the screen. So, you input all the values
instead of the utility looking in sslc.cnf...I haven't tried this on NT
though.
Arun.
"The online world is a cool place to visit, but you
51 matches
Mail list logo
