Re: Newbie Question here...

2012-04-24 Thread Jakob Bohm
On 4/24/2012 6:19 PM, bfinkel...@aaamissouri.com wrote: I have installed Win32 Binary including OpenSSL 0.9.8t (MSI Installer): httpd-2.2.22-win32-x86-openssl-0.9.8t.msi on my windows server. I want

Re: Newbie confusion

2011-12-08 Thread John Emmas
On 8 Dec 2011, at 13:55, Jeffrey Walton wrote: > When working with OpenSSL on Windows, I prefer Shining Light's gear. > Thomas Hruska does a great job of building and packaging OpenSSL. > Good suggestion Jeff, thanks. I'll look into that. John _

Re: Newbie confusion

2011-12-08 Thread Jeffrey Walton
On Thu, Dec 8, 2011 at 8:45 AM, John Emmas wrote: > > Please ignore my previous email for the moment.  It seems we're not sure > whether our binaries are official, pre-built ones or if they were built > elsewhere. > > Presumably there are some official Windows DLLs and libs somewhere are there?

Re: Newbie confusion

2011-12-08 Thread John Emmas
Please ignore my previous email for the moment. It seems we're not sure whether our binaries are official, pre-built ones or if they were built elsewhere. Presumably there are some official Windows DLLs and libs somewhere are there? John

Re: Newbie Struggles with SMIME

2011-02-15 Thread ManicPixel
Did I mention I was a rookie? :-) I had not tried that. Excellent suggestion, thank you. I just did (after a crash course in cert & key exports). I do get the following error, however I signed the message and my certs are decrypting it. Verify error:self signed certificate in certificate chain

Re: Newbie Struggles with SMIME

2011-02-15 Thread Dr. Stephen Henson
On Tue, Feb 15, 2011, ManicPixel wrote: > Hello, > > > I've been searching the mail archives for days and poring over the examples > in the /demo projects and can't seem to figure this one out on my own. I'm > trying to use OpenSSL to encrypt and decrypt S/MIME messages. I'd be happy > with d

RE: (newbie) private key vs. keystore confusion

2009-12-30 Thread Mazza, Glen R.
it's both--a private key/certificate pair, but if one wanted, multiple certificates--and I guess multiple private keys--could be stored within the same file. Glen -Original Message- From: Mazza, Glen R. Sent: Mon 12/28/2009 6:19 PM To: openssl-users@openssl.org Subject: RE: (newbie)

RE: (newbie) private key vs. keystore confusion

2009-12-29 Thread Mazza, Glen R.
ytool.html From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Anand Patel Sent: Sunday, December 27, 2009 9:10 PM To: openssl-users@openssl.org Subject: Re: (newbie) private key vs. keystore confusion Not sure what y

Re: (newbie) private key vs. keystore confusion

2009-12-28 Thread Michael S. Zick
On Sun December 27 2009, Anand Patel wrote: > Not sure what you mean by keystore but above command combines certificate > and key in PKCS12 format "service.p12". > -Anand > > On Thu, Dec 24, 2009 at 10:33 AM, Mazza, Glen R. wrote: > > > Hello, I'm confused somewhat about the workings of OpenSSL,

Re: (newbie) private key vs. keystore confusion

2009-12-28 Thread Kyle Hamilton
PKCS #12 is the standard format for communicating an encrypted private key along with a certificate. It is typically used to move a private key and its associated public certificates from one system to another, or to back up (say) a webserver's private key and its certificate. -Kyle H On Thu, De

Re: (newbie) private key vs. keystore confusion

2009-12-27 Thread Anand Patel
Not sure what you mean by keystore but above command combines certificate and key in PKCS12 format "service.p12". -Anand On Thu, Dec 24, 2009 at 10:33 AM, Mazza, Glen R. wrote: > Hello, I'm confused somewhat about the workings of OpenSSL, in particular > the following command: > > > > openssl p

Re: Newbie question on EVP API

2009-12-13 Thread Bruce Stephens
Alexey Luchko writes: > I'm new to openssl. > I've got two questions on EVP API: > > 1. What do EVP_EncryptInit_ex and EVP_CipherInit_ex differ with? > When should I use encrypt/decrypt and when cipher? If you look at the source, EVP_EncryptInit_ex/EVP_DecryptInit_ex are just trivial wrapper

RE: Newbie questions: extracting public key's exponent and modules.

2009-10-22 Thread Adam Rosenstein
what about rsa_public_key->n and rsa_public_key->e You could do BN *n = BN_dup(rsa_public_key->n); BN *e = BN_dup(rsa_public_key->e); And do what you want with them (don't forget to free them) If you are wanting to display them char *n_txt = BN_bn2dec(n); char *e_txt = BN_bn2dec(e); or

Re: newbie program crashing.

2009-08-02 Thread Neil Dugan
PMHager wrote: First you fill the rsa structure with the private key, PEM_read_bio_RSAPrivateKey(in,&rsa,NULL,NULL); then you overwrite it with the public key. PEM_read_bio_RSA_PUBKEY(in, &rsa, NULL, NULL); Thanks for hint.. I thought you had to load both public and private keys. I sto

RE: newbie program crashing.

2009-08-02 Thread PMHager
First you fill the rsa structure with the private key, PEM_read_bio_RSAPrivateKey(in,&rsa,NULL,NULL); then you overwrite it with the public key. PEM_read_bio_RSA_PUBKEY(in, &rsa, NULL, NULL); RSA_private_decrypt() which points to RSA_eay_private_decrypt() requires the private exponent rsa-

Re: Newbie questions: generating RSA PGP private & Public key pair

2009-06-19 Thread Kyle Hamilton
If you need to create a PGP key, OpenSSL does not do this. The package you're looking for is GNU Privacy Guard, or gnupg, available from http://gnupg.org/. -Kyle H On Fri, Jun 19, 2009 at 11:08 AM, Bizhan Gholikhamseh (bgholikh) wrote: > Hi, > Thanks for your help. >> Are you doing this for a cer

RE: Newbie questions: generating RSA PGP private & Public key pair

2009-06-19 Thread Bizhan Gholikhamseh (bgholikh)
Hi, Thanks for your help. > Are you doing this for a certificate request? No this is part of creating public and private key to exchange secure information on line. > > openssl genrsa -des3 2048 > mykey.key > openssl req -new -key mykey.key -sha256 I have more questions: 1- After issuing above com

Re: Newbie questions: generating RSA PGP private & Public key pair

2009-06-18 Thread Kyle Hamilton
Are you doing this for a certificate request? openssl genrsa -des3 2048 > mykey.key openssl req -new -key mykey.key -sha256 I do not believe that OpenSSL implements CAST. (the -des3 tells it to use triple-DES; you can instead use -aes256 to use AES at 256 bits.) -Kyle H On Thu, Jun 18, 2009 at

Re: Newbie: PKCS#10 request for an existing key pair

2009-06-05 Thread Raj
instantiates that engine? Again the documentation provides some information on this., so my answer is yes. Thanks From: Patrick Patterson To: openssl-users@openssl.org Sent: Thursday, June 4, 2009 8:41:24 PM Subject: Re: Newbie: PKCS#10 request for an existing

Re: Newbie: PKCS#10 request for an existing key pair

2009-06-04 Thread Patrick Patterson
Hi Raj: On June 4, 2009 12:58:02 pm Raj wrote: > Hello Experts, > > I request your expert opinion in generating a PKCS#10 CSR; > > I have generated my RSA 1024 private public key pair in the HSM. The HSM > exposes the keys as handles. > First question: Do you have OpenSSL patched to use that parti

Re: Newbie Questions

2009-01-07 Thread Patrick Patterson
On January 6, 2009 12:20:47 pm Richard Lichvar wrote: > A newbie to OpenSSL here. (Mainly used to using 3rd party authorities.) > Not very good at command line stuff either. > > > > 1. Cert request generated from IIS 6 but it is against the default > website with .txt extension. Can a cert be

Re: Newbie : is it possible to use SSL on multiple targets with just IP addresses ?

2008-08-07 Thread Ion Larrañaga
Hi, If I understand what you want to do, the answer is yes, it can be done. You can create a generic certificate with a given CN to be used in the embedded web server. The next question is... who will use this web server? If it's a program, so your system is used as an update server (for in

Re: newbie: problem + RSA

2008-06-02 Thread Marek . Marcola
Hello, [EMAIL PROTECTED] wrote on 05/30/2008 12:34:15 PM: > Hello, > i have created the following code to test the use of RSA (signature): > > #include > #include > #include > #include > #include > #include > #include > #include > #include > #include > #include > > main () > { > > l

Re: newbie question: sample s_server usage

2007-09-29 Thread Grzegorz Rusin
On 9/28/07, Deep Chand <[EMAIL PROTECTED]> wrote: > > Hi, > > I'm a newbie to openssl and openssl toolkit. i need to add support for tls > to one java client including client authentication, and i've made the > changes to the client and need to test it with server, so trying to use > s_server. I ha

RE: newbie: set cert time validity

2007-07-17 Thread David Schwartz
No wonder I couldn't find the MakeCertificate function, it actually resides in an external library. I'll try to do anything I could to make sure it works as needed.. However, thank you very much for your help David Schwartz.. if you were in java.sun.com forum I'd surely have given you at

Re: newbie: set cert time validity

2007-07-17 Thread imin noob
No wonder I couldn't find the MakeCertificate function, it actually resides in an external library. I'll try to do anything I could to make sure it works as needed.. However, thank you very much for your help David Schwartz.. if you were in java.sun.com forum I'd surely have given you at least

RE: newbie: set cert time validity

2007-07-16 Thread David Schwartz
thanks a lot for your lengthy explanation, David Schwartz. I really appreciate it for you to help me explain all this. I noted you said that what I did might be sensible if three things are the case: 1) The locale you are using the certificate has no daylight savings time. 2) The certifica

Re: newbie: set cert time validity

2007-07-16 Thread imin noob
thanks a lot for your lengthy explanation, David Schwartz. I really appreciate it for you to help me explain all this. I noted you said that what I did might be sensible if three things are the case: 1) The locale you are using the certificate has no daylight savings time. 2) The certificate isn't

RE: newbie: set cert time validity

2007-07-16 Thread David Schwartz
hold on! thanks a lot I managed to get it to 23:59:59. all i had to do was change the value strcpy(buf+6, "235959Z"); to strcpy(buf+6, "155959Z"); I would not do that. There is no way you can know that 15:59:59 will correspond to 24:59:59 in the future when the certificate expires. You ar

Re: newbie: set cert time validity

2007-07-16 Thread imin macho
erm... but there's still one problem. where in IssueCertificate should I add the line X509_gmtime_roundup(X509_get_notAfter(x)); ? because currently the line is only added in renewCertificate... as I can't see where in IssueCertificate can I add those lines.. thanks again On 7/16/07, David Schwar

Re: newbie: set cert time validity

2007-07-16 Thread imin macho
hold on! thanks a lot I managed to get it to 23:59:59. all i had to do was change the value strcpy(buf+6, "235959Z"); to strcpy(buf+6, "155959Z"); thanks again, David Schwartz! You're a great help!! On 7/16/07, David Schwartz <[EMAIL PROTECTED]> wrote: I added the X509_gmtime_roundup(X509_

Re: newbie: set cert time validity

2007-07-16 Thread imin macho
I see... does this mean I can't make it to expire at 23:59:59 for the particular day? This is the UTC/GMT time for which area...? hmm.. actly i'm still confused... anyway it's ok then if I can't make it that way. Is there any way I can convince my boss that (besides sending him a copy of this ema

RE: newbie: set cert time validity

2007-07-16 Thread David Schwartz
I added the X509_gmtime_roundup(X509_get_notAfter(x)); at my renewCertificate function. When I renewed the cert valid to for example, to 31/7/2007, the cert valid to will be strangely changed to '1/8/2007 7:59:59". May I know which part should I alter here? There is nothing to change, as it

Re: newbie: set cert time validity

2007-07-16 Thread imin macho
Thanks a lot for your help, David Schwartz! I haven't got it correctly yet, but with your help I could see I'm moving somewhere here. I added the X509_gmtime_roundup(X509_get_notAfter(x)); at my renewCertificate function. When I renewed the cert valid to for example, to 31/7/2007, the cert valid

RE: newbie: set cert time validity

2007-07-16 Thread David Schwartz
This function rounds an ASN1_UTCTIME up to the end of the day it belongs to. You need to call this function on an ASN1_UTCTIME before you set it as the 'not valid after' date: void X509_gmtime_roundup(ASN1_UTCTIME *s) { /* Rounds an ASN1_UTCTIME up to the end of the current day */ char buf[32];

Re: newbie: set cert time validity

2007-07-15 Thread imin macho
Thanks a lot for trying to help me. here's the snippet of the code: the function that calls IssueCertificate has this line in them: cinfo.begin_validity = day_start; cinfo.validity = day_end; both day_start and day_end are int variables. then they are passed to the IssueCertificate function as

RE: newbie: set cert time validity

2007-07-13 Thread David Schwartz
> thanks a lot for answering my question.. but is this the only way? > it seems a bit overwhelming for me.. isn't there any other way? > like any function we can call? Rather than risking you screwing up security-critical code, why don't you paste the part of the code that sets the validity and

Re: newbie: set cert time validity

2007-07-13 Thread imin macho
thanks a lot for answering my question.. but is this the only way? it seems a bit overwhelming for me.. isn't there any other way? like any function we can call? thanks On 7/13/07, Jim Fox <[EMAIL PROTECTED]> wrote: On Jul 12, 2007, at 9:29 PM, imin macho wrote: > hi... > > i'm a noob in ope

Re: newbie: set cert time validity

2007-07-12 Thread Jim Fox
On Jul 12, 2007, at 9:29 PM, imin macho wrote: hi... i'm a noob in openssl.. my employee asked me to edit our c++ cert issuer engine developed using openssl. currently the cert generated will be valid based on the time we generate it. for example, if i generate a cert at 13 july 2007 1:3

Re: newbie installation problem - Makefile.org not found

2007-06-25 Thread Peter Tsai - GTS
Hi, Endhy, Thank you so much for your help. Obviously I am missing a lot more files than just this one. I've found out the problem. What I did the first time was - I decompressed the file on Windows, transferred the tar file to AIX, then un-tar on AIX. Apparently a lot of files are lost in t

Re: newbie installation problem - Makefile.org not found

2007-06-25 Thread Endhy Aziz
Hi, Here's the Makefile.org (attachment). If you're downloading the complete source code, this file should have been included. Regards, --Endhy

Re: Newbie build question

2007-05-26 Thread Sumati Gupta
Please ignore. My silly mistake. Got it to build. Sumati Gupta <[EMAIL PROTECTED]> wrote: Hi, This is a newbie question: I downloaded the openssl source and built libssl and libcrypto with the linux-debug-elf option. I removed the efence library from the make file since I don't have it. Now w

Re: Newbie questions

2007-05-25 Thread gary clark
Much appreciated Endhy. Garyc --- Endhy Aziz <[EMAIL PROTECTED]> wrote: > I wrote : > "One of the chapters, "Designing With SSL" may help > ". > > Should be : > One of the chapters, "Coding With SSL" may help > > Regards, > > --Endhy > > > > > > > > __

Re: Newbie questions

2007-05-24 Thread Endhy Aziz
I wrote : "One of the chapters, "Designing With SSL" may help ". Should be : One of the chapters, "Coding With SSL" may help Regards, --Endhy

Re: Newbie questions

2007-05-24 Thread Endhy Aziz
See "SSL and TLS" by Eric Rescorla. It describes SSL protocol completely, including how to program with SSL. One of the chapters, "Designing With SSL" may help you. --Endhy

Re: Newbie questions

2007-05-23 Thread gary clark
Excellent Chas. Thanks, Garyc --- "Chas." <[EMAIL PROTECTED]> wrote: > When I get back to my house this evening I will send > you the file. Will that > be alright? > > Chas. > > On 5/23/07, gary clark <[EMAIL PROTECTED]> > wrote: > > > > Hey Chas, > > > > You don't happen to know the link. Did a

Re: Newbie questions

2007-05-23 Thread Chas .
When I get back to my house this evening I will send you the file. Will that be alright? Chas. On 5/23/07, gary clark <[EMAIL PROTECTED]> wrote: Hey Chas, You don't happen to know the link. Did a quick search and just got the pdf with just the first 5 chapters? Much appreciated, Garyc --- "Ch

Re: Newbie questions

2007-05-23 Thread gary clark
Hey Chas, You don't happen to know the link. Did a quick search and just got the pdf with just the first 5 chapters? Much appreciated, Garyc --- "Chas." <[EMAIL PROTECTED]> wrote: > I believe a PDF is available for free on the > Internet. I googled for it a > few weeks ago thinking I would find a

Re: Newbie questions

2007-05-23 Thread Chas .
I believe a PDF is available for free on the Internet. I googled for it a few weeks ago thinking I would find an abstract of it and instead found the entire book. Chaz On 5/23/07, gary clark <[EMAIL PROTECTED]> wrote: Hey Mark, Yep I think you're right. Ordered the Network Security with OpenSSL

RE: Newbie questions

2007-05-23 Thread gary clark
Hey Mark, Yep I think you're right. Ordered the Network Security with OpenSSL book. Thanks, Garyc --- Mark <[EMAIL PROTECTED]> wrote: > Hi, > > > I downloaded and installed open-ssl on a windows > > environment. I then used the openssl application > to > > start the s_client and s_server. > >

RE: Newbie questions

2007-05-23 Thread Mark
Hi, > I downloaded and installed open-ssl on a windows > environment. I then used the openssl application to > start the s_client and s_server. > > I ran the client and server with the following > commands. I then attempted to connect my client to the > s_server. I managed to connect to the serv

Re: Newbie Questions

2007-04-04 Thread Goetz Babin-Ebell
Rocky S wrote: > 1) I have installed openssl sources. In the certs directory, > there are various certificates. I looked at a couple of > them - aol1.pem & vsign1.pem. > > The vsign1.pem starts with [...] > The aol1.pem directly starts with BEGIN_C

Re: Newbie assumptions & questions

2007-03-01 Thread Bernhard Froehlich
Bruno Costacurta wrote: [...] - serial information within the certificate is useless If you are still talking of only the serial number you are correct. But if you also know the issuing CA you can uniquely identify the certificate. A CRL (Certificate Revocation List) for example w

Re: Newbie assumptions & questions

2007-03-01 Thread Bruno Costacurta
On Friday 23 February 2007 15:32:54 Bernhard Froehlich wrote: > Bruno Costacurta wrote: > > Hello, > > > > as a newbie, I have some assumptions / questions hereafter about OpenSSL > > and certificates. Many thanks to correct / confirm me. > > > > - a certificate is a public key with metadata > >

Re: Newbie assumptions & questions

2007-02-23 Thread Bernhard Froehlich
Bruno Costacurta wrote: Hello, as a newbie, I have some assumptions / questions hereafter about OpenSSL and certificates. Many thanks to correct / confirm me. - a certificate is a public key with metadata - metadata contain mandatories (ie. subject and issuer) and optional parameters - the

RE: Newbie question

2007-02-01 Thread Doug Kunzman
TECTED] On Behalf Of Bertram Scharpf Sent: Wednesday, January 31, 2007 7:44 PM To: openssl-users@openssl.org Subject: Re: Newbie question Hi, On Wednesday, 31 Jan 2007, 13:02:13 -0500, Doug Kunzman wrote: > Can openssl be used for HTTP communication without using SSL if in the > future we

Re: Newbie question

2007-01-31 Thread Dr. Stephen Henson
On Wed, Jan 31, 2007, Doug Kunzman wrote: > All - > > I was looking for an interface or factory class like java has were you can > switch between SocketFactory and SSLSocketFactory and both implement the > Socket interface. Does this help? The port is no big deal but the low > level asynchrono

Re: Newbie question

2007-01-31 Thread Victor Duchovni
On Thu, Feb 01, 2007 at 01:44:05AM +0100, Bertram Scharpf wrote: > > Can openssl be used for HTTP communication without using SSL if in the > > future we are going to SSL communication to our project? > > You should consider using SSL right from the start. There > are loads of key generation howt

Re: Newbie question

2007-01-31 Thread Bertram Scharpf
Hi, On Wednesday, 31 Jan 2007, 13:02:13 -0500, Doug Kunzman wrote: > Can openssl be used for HTTP communication without using SSL if in the > future we are going to SSL communication to our project? You should consider using SSL right from the start. There are loads of key generation howtos on t

RE: Newbie question

2007-01-31 Thread Doug Kunzman
users@openssl.org Subject: Re: Newbie question This is just a shot in the dark answer -- because I don't know of a way to use SSL without using SSL :) You can get a web-site project up and running using port 443 with a web-server (like apache), without using openSSL encryption on port 443...

Re: Newbie question

2007-01-31 Thread Bill Angus
This is just a shot in the dark answer -- because I don't know of a way to use SSL without using SSL :) You can get a web-site project up and running using port 443 with a web-server (like apache), without using openSSL encryption on port 443 Then you can setup openSSL and your certs later

Re: Newbie Needs Help!!!

2006-09-28 Thread Marek Marcola
Hello, > When I do that, I now get: > > RAPTOR_$ openssl s_client -connect adtest:636 "-CAfile" certnew.pem > CONNECTED(0003) > depth=0 /CN=adtest.altdomain2000.psccos.com > verify error:num=20:unable to get local issuer certificate > verify return:1 > depth=0 /CN=adtest.altdomain2000.psccos.c

Re: Newbie Needs Help!!!

2006-09-27 Thread Dan O'Reilly
When I do that, I now get: RAPTOR_$ openssl s_client -connect adtest:636 "-CAfile" certnew.pem CONNECTED(0003) depth=0 /CN=adtest.altdomain2000.psccos.com verify error:num=20:unable to get local issuer certificate verify return:1 depth=0 /CN=adtest.altdomain2000.psccos.com verify error:num=27

Re: Newbie Needs Help!!!

2006-09-27 Thread Richard Levitte - VMS Whacker
Hi Dan, In message <[EMAIL PROTECTED]> on Mon, 25 Sep 2006 09:50:32 -0600, Dan O'Reilly <[EMAIL PROTECTED]> said: dano> My CA is another system (Windows) and I requested it to create dano> the trusted root certificate in PKCS7 format, which I copied to dano> my VMS system. I can use OPENSSL PKC

Re: Newbie Needs Help!!!

2006-09-22 Thread Marek Marcola
Hello, > Trying to use OpenSSL 0.9.8 on a VMS system. Specifically, I'm having > problems using OpenSSL underneath OpenLDAP to talk to another non-OpenLDAP > system and can't get THAT to work. It's been suggested that I use OPENSSL > S_CLIENT to ensure my basic certificates are correct. > > M

Re: [NEWBIE] trying to convert DER file to PEM one

2006-08-24 Thread Bernhard Froehlich
tizon wrote: Dear OpenSSL users, first of all, let me point out that I'm a total newbie in the area of encryption. So maybe, my question could sound stupid ... I'm using OpenSSL 0.9.8a-7build1 on Kubuntu Dapper. And i just would like to create a PEM certificate file with two DER encrypted file(

Re: newbie in need for hints

2006-06-13 Thread Marek Marcola
Hello, > The problem with this is that from what I understand stunnel still > needs a certificate on the server side, so we are back to having to > create/purchase/manage possibly thousands of certificates, which is > entirely impractical, unless running all servers with the same > certificate

Re: newbie in need for hints

2006-06-13 Thread Jerome Alet
On Tue, Jun 13, 2006 at 09:20:04AM +0200, Marek Marcola wrote: > Hello, > > > In particular, having a separate certificate for each of the > > servers (desktop systems) really could be problematic considering > > the number of them, although having one for each client (print > > servers) could be

Re: newbie in need for hints

2006-06-13 Thread Marek Marcola
Hello, > In particular, having a separate certificate for each of the > servers (desktop systems) really could be problematic considering > the number of them, although having one for each client (print > servers) could be feasible. If you control all this - this may be acceptable. > Someone sugg

RE: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco.

2006-04-03 Thread Davidson, Brett (Managed Services)
Thanks Kyle. I had not been aware of the "registration authority" option. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, 3 April 2006 2:21 p.m. To: openssl-users@openssl.org Subject: Re: Newbie questions : 2 issues r

Re: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco.

2006-04-02 Thread Kyle Hamilton
On 4/2/06, Davidson, Brett (Managed Services) <[EMAIL PROTECTED]> wrote: > I can set the Cisco certificate to authenticate to the W2K domain. > That's reasonably simple. > Deciding what to do about things after that gets a little interesting > but that's another topic... :-) > > The anonymous conne

RE: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco.

2006-04-02 Thread Davidson, Brett (Managed Services)
e- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, 3 April 2006 11:26 a.m. To: openssl-users@openssl.org Subject: Re: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco. The Cisco also needs to be exempted from

RE: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco.

2006-04-02 Thread Davidson, Brett (Managed Services)
I take it that the easiest solution is to establish a certificate-authenticated VPN instead then? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kyle Hamilton Sent: Monday, 3 April 2006 11:26 a.m. To: openssl-users@openssl.org Subject: Re: Newbie

Re: Newbie questions : 2 issues relating to interaction between Linux, Windows 2000 and Cisco.

2006-04-02 Thread Kyle Hamilton
The Cisco also needs to be exempted from the "authenticated domain members" rule, unless you can set its identifying certificate up as authenticatable to the domain. (You are authenticating against the Windows 2000 domain, correct?) There are known issues with restricting access to known machines

Re: [Newbie] Conversion PEM --> DER (pkcs7) fails with demo certificate

2006-03-24 Thread Rainer Menzner
Olaf Gellert wrote: Rainer Menzner wrote: 2) Create a binary encoded DER file as a public certificate: openssl.exe pkcs7 -inform PEM -outform DER -in pca-cert.pem -out test1.cer -text Well, what do you need? If you just want a DER file for a single certificate, just use: openssl x509

Re: [Newbie] Conversion PEM --> DER (pkcs7) fails with demo certificate

2006-03-23 Thread Olaf Gellert
Rainer Menzner wrote: > 2) Create a binary encoded DER file as a public certificate: > > openssl.exe pkcs7 -inform PEM -outform DER -in pca-cert.pem -out > test1.cer -text Well, what do you need? If you just want a DER file for a single certificate, just use: openssl x509 -in pca-cert.pem -

Re: Newbie question X509 certificate stores

2006-01-02 Thread Dr. Stephen Henson
On Mon, Jan 02, 2006, Dr. Stephen Henson wrote: > On Mon, Jan 02, 2006, George Garvey wrote: > > >Some problems w/reverse DNS prevented posting this until now. > > > > On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > > > On Wed, Dec 28, 2005, George Garvey wrote: > > >

Re: Newbie question X509 certificate stores

2006-01-02 Thread Dr. Stephen Henson
On Mon, Jan 02, 2006, George Garvey wrote: >Some problems w/reverse DNS prevented posting this until now. > > On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > > On Wed, Dec 28, 2005, George Garvey wrote: > > > > >I'm having a very similar problem as this one. > > >

Re: Newbie question X509 certificate stores

2006-01-02 Thread George Garvey
Some problems w/reverse DNS prevented posting this until now. On Wed, Dec 28, 2005 at 07:12:30PM +0100, Dr. Stephen Henson wrote: > On Wed, Dec 28, 2005, George Garvey wrote: > > >I'm having a very similar problem as this one. > >I have a file I made from data sent from an AS2 system.

RE: Newbie question X509 certificate stores SOLVED

2005-12-29 Thread Chris Morrison
> > There seems to be a problem with whatever has been used to save the data. > It > is prepending the byte 0, 1 to the start of the structure. If you skip > these > OpenSSL has no problems parsing the PKCS#7 data. > Worked a treat. I downloaded an older version of the PKZIP application note, a

Re: Newbie question X509 certificate stores

2005-12-28 Thread Dr. Stephen Henson
On Wed, Dec 28, 2005, George Garvey wrote: >I'm having a very similar problem as this one. >I have a file I made from data sent from an AS2 system. The HTTP > headers before the data are (abbreviated to the S/MIME stuff): > Subject: EDIINTDATA > Message-Id: <[EMAIL PROTECTED]> > Dispositio

Re: Newbie question X509 certificate stores

2005-12-28 Thread George Garvey
I'm having a very similar problem as this one. I have a file I made from data sent from an AS2 system. The HTTP headers before the data are (abbreviated to the S/MIME stuff): Subject: EDIINTDATA Message-Id: <[EMAIL PROTECTED]> Disposition-Notification-To: inXServices Disposition-Notification-

Re: Newbie question X509 certificate stores

2005-12-28 Thread Dr. Stephen Henson
On Wed, Dec 28, 2005, Chris Morrison wrote: > > > > > What do you mean "fails to open the store"? > > > > What does the data look like that you are feeding into d2i_PKCS7()? Does > > it > > have lines with -BEGIN in it? > > I cannot find this anywhere in the data. > > > > > If

RE: Newbie question X509 certificate stores

2005-12-28 Thread Chris Morrison
> > What do you mean "fails to open the store"? > > What does the data look like that you are feeding into d2i_PKCS7()? Doies > it > have lines with -BEGIN in it? I cannot find this anywhere in the data. > > If the data is available as a file try: > > openssl pkcs7 -in file -inf

Re: Newbie question X509 certificate stores

2005-12-27 Thread Dr. Stephen Henson
On Tue, Dec 27, 2005, Chris Morrison wrote: > > > I've finally found time to get back to this project. Thanks for the pointers > Steve. > > However, I've tried using the above call d2i_PKCS7(), but it fails to open > the store with the errors below. > > 4777:error:0D0680A8:asn1 encoding routin

RE: Newbie question X509 certificate stores

2005-12-27 Thread Chris Morrison
> -Original Message- > From: [EMAIL PROTECTED] [mailto:owner-openssl- > [EMAIL PROTECTED] On Behalf Of Dr. Stephen Henson > Sent: 13 August 2005 17:44 > To: openssl-users@openssl.org > Subject: Re: Newbie question X509 certificate stores > > On Sat, Aug 13, 20

Re: Newbie dev problems: EVP_DecryptFinal:wrong final block length

2005-11-23 Thread Dr. Stephen Henson
On Wed, Nov 23, 2005, roro GRONAN wrote: > Hi everybody, > i'm new with the openssl libs (0.9.8a), I try to develop a program which > need to produce a file that can be decrypted with the openssl command line > tool. > i chose des_ede3_cbc as the symmetric algorithm. > > the "encryption" part o

Re: Newbie question X509 certificate stores

2005-08-13 Thread Dr. Stephen Henson
On Sat, Aug 13, 2005, Chris Morrison wrote: > Michael wrote: > > >Hi Chris, > > > >What type of keystores are you talking about here? (pkcs#12?) > > > > > > > It's a PKCS#7 store, I am trying to read the certificate store from a > digitally signed ZIP file. > > I have done it with no probs in

Re: Newbie question X509 certificate stores

2005-08-13 Thread Chris Morrison
Michael wrote: Hi Chris, What type of keystores are you talking about here? (pkcs#12?) It's a PKCS#7 store, I am trying to read the certificate store from a digitally signed ZIP file. I have done it with no probs in VC++ using Microsoft's CryptoAPI, you just read the data into a buffer,

Re: Newbie SSL_write question

2005-08-13 Thread Michael
Thanks to Jagannadha and David for their replies and help with this. I delved into the server-side of the code yesterday and found the fault (luckily it's someone else's!). Basically the server wasn't using select and fd_set/fd_isset correctly, and was terminating the socket after 32k of receive

Re: Newbie question X509 certificate stores

2005-08-13 Thread Michael
Hi Chris, What type of keystores are you talking about here? (pkcs#12?) Michael. On 8/13/05, Chris Morrison <[EMAIL PROTECTED]> wrote: > So many replies. I don't know where to start. > > > Chris Morrison wrote: > > >Hi all, > > > >I have recently moved over to Linux, having rid my computer of

Re: Newbie question X509 certificate stores

2005-08-13 Thread Chris Morrison
So many replies. I don't know where to start. Chris Morrison wrote: Hi all, I have recently moved over to Linux, having rid my computer of the M $.Windows virus. I am porting a program that I wrote over to Linux and I am looking for a library to provide X509 digital certificate functions. M

Re: Newbie SSL_write question

2005-08-12 Thread Jagannadha Bhattu Gosukonda
Call ERR_clear_error() before while loop and call ERR_get_error_line_data in a loop till it returns 0 inside SSL_ERROR_SYSCALL case. This may give you some idea on what went wrong. JB On 8/11/05, Michael <[EMAIL PROTECTED]> wrote: > On 8/11/05, David Schwartz <[EMAIL PROTECTED]> wrote: > > > >

RE: Newbie SSL_write question

2005-08-11 Thread David Schwartz
> When I try and write more than 32k I get the following messages... > > - Attempting to write 59266 bytes > - Written 16384 bytes > - Written 16384 bytes > - SSL_ERROR_SYSCALL: error::lib(0):func(0):reason(0) > > I have SSL_load_error_strings() earlier in my code, but don't get any > more

Re: Newbie SSL_write question

2005-08-11 Thread Michael
On 8/11/05, David Schwartz <[EMAIL PROTECTED]> wrote: > > My code uses blocking sockets, has the SSL_CTX > > SSL_MODE_ENABLE_PARTIAL_WRITE option set and loops on the ssl_read but > > the socket is closed after the first 32k is sent. > > > > Why, if a message block size is 16k, does the first 32

RE: Newbie SSL_write question

2005-08-11 Thread David Schwartz
> I have a 'problem' that has been reported before, namely that only the > first 32k of my messages are being sent/read by my openSSL > client/server. > > The original post is here: > http://marc.theaimsgroup.com/?l=openssl-users&m=101180918225646&w=2. > > The solution given was to read the man pa

Re: Newbie S/MIME decryption questions

2005-04-18 Thread Christian Gütter
Hi Steve, > Add -noverify to the command line options. That will disable certificate > verification: which is the cause of that error message. This worked. Thank you very much for sharing your insight into the mighty command line options of OpenSSL! Christian __

Re: Newbie S/MIME decryption questions

2005-04-18 Thread Dr. Stephen Henson
On Mon, Apr 18, 2005, Christian Gütter wrote: > Hi Steve, > > thanks for your answer. > > > 0.9.7c is old, you should use the latest version. 0.9.7g if possible. > > Will do that. > > > If you do: > > openssl smime -verify -in destination -out message > > it will attempt to verify the message

Re: Newbie S/MIME decryption questions

2005-04-18 Thread Christian Gütter
Hi Steve, thanks for your answer. > 0.9.7c is old, you should use the latest version. 0.9.7g if possible. Will do that. > If you do: > openssl smime -verify -in destination -out message > it will attempt to verify the message (which will probably give an error > because it can't find the signing
