Read my comments please.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Patrick Patterson
Sent: Wednesday, June 19, 2013 7:50 PM
To: openssl-users@openssl.org
Subject: Re: Creating certificates
Hi Rodney,
First of all
Hi Rodney,
First of all, this isn't a CA certificate - the "Basic Constraints CA:FALSE"
quite plainly points to this.
This is a wildcard certificate for use by authorised representatives of
"securesites.com" to be able to use for their own servers.
Therefore, you will never be able to create a
Hello,
Yes, you are right. I can do it using the 'ca' command. Thanks for the
hint.
Gerald
On Tue, Aug 18, 2009 at 11:48 AM, Serge Fonville
wrote:
> Why don't you use the ca command?
>
>
> On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich > wrote:
>
>> Hello,
>>
>> So I have played arr
On Tue, Aug 18, 2009, Gerald Iakobinyi-Pich wrote:
> Hello,
>
> So I have played arround a little bit more yesterday, but with the same
> result.
> Attached are the the openssl.cnf I am using. The problem is the same, I do
> not know how to override the subject information from the config file
>
Why don't you use the ca command?
On Tue, Aug 18, 2009 at 9:38 AM, Gerald Iakobinyi-Pich
wrote:
> Hello,
>
> So I have played arround a little bit more yesterday, but with the same
> result.
> Attached are the the openssl.cnf I am using. The problem is the same, I do
> not know how to override t
Hello,
So I have played arround a little bit more yesterday, but with the same
result.
Attached are the the openssl.cnf I am using. The problem is the same, I do
not know how to override the subject information from the config file
(specified in the "req_distinguished_name" section), from the comm
What does your openssl.cnf look like, since it is used in the req?
On Mon, Aug 17, 2009 at 6:00 PM, Gerald Iakobinyi-Pich
wrote:
> Hy,
>
> So my end goal is to have a CA, which I can use to sign certificates. I
> have set up a CA, that was not that hard. But now I want to create
> certificates si
Hy,
So my end goal is to have a CA, which I can use to sign certificates. I have
set up a CA, that was not that hard. But now I want to create certificates
signed by my CA, and I want to provide the subject from the command line. I
don't want it to be read from the openssl.cnf. That is because I h
Hi,
I assume you have done a lot of googling and have read the docs extensively.
First, what is your end goal?
Since creating a certificate and having it signed by your own CA is not that
difficult.
What resources have you consulted.
What have you already tried.
Have you looked at the resulting c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello Jason,
edf green schrieb:
> Very straight forward and well documented? You gotta be kidding.
> Perhaps for a long time openssl developer, but not for your run of the
> mill C developer. I spent all last night going through the example
> provid
> What im talking about is functions like a2i_ASN1_INTEGER.
> When i check the crypto library documentation on openssl.org
> for usage or such, there is no man page available,
> actually.. the entire asn1 section is blacked out.
There's no reason you need to use that function. The load_serial/sa
Very straight forward and well documented? You gotta be kidding. Perhaps for a long time openssl developer, but not for your run of the mill C developer. I spent all last night going through the example provided, and yeah beyond being painfully inhibiting for a developer in its complexity, its a
Looks at the source for the command-line tool that you're using.
/r$
--
STSM, Senior Security Architect
SOA Appliances
Application Integration Middleware
__
OpenSSL Project http://www.open
Please don't top post.
>> Look at apps/x509.c function x509_certify().
> you're kidding right? That has to be some of the most atrocious
> and confusing code i have ever seen. I dont suppose anyone has
> anything more practical as an example?
> Perhaps some documentation on the process or such
you're kidding right? That has to be some of the most atrocious and confusing code i have ever seen. I dont suppose anyone has anything more practical as an example? Perhaps some documentation on the process or such.
On 9/20/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,> Long time
Hello,
> Long time reader, first time poster. I have a problem
> currently with the generation of a SSL cert using the libssl/crypto
> apis. I can generate keys fine, but i cannot find any documentation
> on how to actually create a cert file via anything other then the
> openssl command l
I'm not sure what's wrong. I think that you might read the configuration file of openssl carefuly. Can you show out you resaults in BASE64 format in order to let others to test then for you?
2006/4/25, nduval (sent by Nabble.com) <[EMAIL PROTECTED]>:
I have installed openssl and am hoping to use it
Michael Helm wrote:
[...]
What I wanted to try (& might eventually) is going back to the client
test we did some time ago. We found that the client always ignored
the extra subjectaltname entries, and so I suspect that the subject
components are the ones evaluated.
To my knowledge, tests made rece
"Lee Dilkie" writes:
> you didn't look at the certificate fully. there is also
>
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]
> RFC822 [EMAIL PROTECTED]
> in the Subject Alternative Name as rfc3280 requires.
That is very clever of them! I have been meaning to test your cert consruction
> IMHO if you want to use multiple email addresses within the
> same certificate
> you should use multiple subjectAltName extensions. This
> ensures usability
> with available clients (i.e. Mozilla, Thunderbird, etc... ).
> I guess you
> are able to use the certificate because the same addresses
Lee Dilkie wrote:
Mine works fine.
I have multiple "E=" fields in the subject attribute. I use the same
certificate from several accounts.
(This message is signed so you can take a look for yourself).
Also, this isn't openssl generated but I see no reason why that would
matter.
IMHO if you want
o the same with an openssl generated
certificate.
-lee
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Michael Helm
> Sent: Tuesday, February 03, 2004 3:55 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Creating certificates with more
"Lee Dilkie" writes:
> Mine works fine.
In a sense.
E = [EMAIL PROTECTED], E = [EMAIL PROTECTED], E = [EMAIL PROTECTED], CN = Thawte
Freemail Member
rfc 3280
http://www.ietf.org/rfc/rfc3280.txt
p 23-24, section 4.1.2.6 Subject
In addition, legacy implementations exist where an RFC 822 name
Hi,
>in openssl.cnf in the section regarding the DN definition.
>
>0.emailAddress
>1.emailAddress
Thanks for your answer! Now I have two E-Mail addresses in in my cert, but I
can only sign mails, which I send with the first eMail address. :-( When
sending withh the second one, Outlook (XP and Exp
I had created one certificate but the2nd email address was just UNUSABLE.
I couldn't use that 2nd email address to sign, encrypt. etc.
Tested with Mozilla and Outlook family email clients.
Frédéric Giudicelli wrote:
in openssl.cnf in the section regarding the DN definition.
0.emailAddress
1.email
in openssl.cnf in the section regarding the DN definition.
0.emailAddress
1.emailAddress
--
Frédéric Giudicelli
http://www.newpki.org
Stephan Boldt wrote:
Hello!
Is it possible to create certificates with more than one eMail address? I
want to create a cert which can sign mails from different eM
Title: Message
You
are trying to run the openssl.exe built for the Pocket PC. It wont run on
the desktop. You would probably be better off using a desktop build of
openssl, creating the certificates with that, and transferring them to the
PPC. If you really want to use the PPC version, ge
In message <[EMAIL PROTECTED]> on Mon, 11 Aug 2003 14:36:52 +0900,
"Shalkebaev,AntonMSCAG" <[EMAIL PROTECTED]> said:
ShalkebaevA> Take a look at www.pyca.de anototrher one is
ShalkebaevA> http://cultura.eii.us.es/~pablo/elyca/
Added to the collection of links in
http://www.openssl.org/related/ap
Joe:
I don't know if Matt is also planning a website, but I haven't even
started mine, so I can't give you a link to it.
-Mike
Joe Novielli wrote:
>
> BTW MATT : Your web link would be much appreciated to clear the concepts
> for neophytes.
>
> At 04:03 PM 08/11/99 -0700, you wrote:
> >Hi:
I'm still unsure about the CA cert?
What does this do, how does it fit in?
Is this the SAME as a signed certificate which the web server uses? (I
don't think so)
Which certificate is the one browsers need to install? (ie: the one we need
to generate for them)
I'm fine with:
- generating a s
30 matches
Mail list logo
