The official version of OpenSSL works fine when compiled against the
upstream FIPS module.
Yes, It's distribution specific and reverting the file fixed the issue.
Thanks for your time.
Regards,
Abdul
On 13-Aug-14 7:02 PM, Dr. Stephen Henson wrote:
On Wed, Aug 13, 2014, Abdul Anshad wrote:
On Wed, Aug 13, 2014, Abdul Anshad wrote:
> I use the src rpm downloaded from
> http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 .
>
> Inquired about this issue with one of the package maintainers from
> koji.fedoraproject.org and following was his comment.
>
> "Apparently the Known a
I use the src rpm downloaded from
http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 .
Inquired about this issue with one of the package maintainers from
koji.fedoraproject.org and following was his comment.
"Apparently the Known answer test for RSA X9.31 signatures
does not match an
On Mon, Aug 11, 2014, Abdul Anshad wrote:
> Hello All,
>
> I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i,
> when I try to start the http server with FIPS mode i get the
> following error.
>
> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232:
> suEXEC mechani
On Tue, Aug 12, 2014, Thulasi Goriparthi wrote:
> $ openssl genrsa 2048 > key.pem
> $ openssl req -new -x509 -key key.pem -out cert.pem -sha256
>
You also need to set the environment variable OPENSSL_FIPS=1 so the operations
are performed in FIPS mode.
Steve.
--
Dr Stephen N. Henson. OpenSSL pr
check 'ldd mod_ssl.so' for proper linkage.
-Jayadev.
On Tue, Aug 12, 2014 at 7:01 PM, Abdul Anshad wrote:
> Thank you for the response.
>
> I already have a SHA-256 self signed certificate with a bit size 2048 but
> still ended up with the same error.
>
> I used the following command to create
Thank you for the response.
I already have a SHA-256 self signed certificate with a bit size 2048
but still ended up with the same error.
I used the following command to create the self signed certificate.
$ openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout
/etc/pki/tls/private/lo
On Tue, Aug 12, 2014 at 11:24:40AM +0530, Thulasi Goriparthi wrote:
> $ openssl genrsa 2048 > key.pem
Don't forget "umask 077" before that. Otherwise, the key file is often
world-readable. With AFS, "fs setacl . ..." to restrict access to the
containing directory.
--
Viktor.
_
$ openssl genrsa 2048 > key.pem
$ openssl req -new -x509 -key key.pem -out cert.pem -sha256
On Tue, Aug 12, 2014 at 11:08 AM, Abdul Anshad wrote:
> Could you please provide me the steps for creating a self signed
> certificate meeting the current FIPS standard ?
>
> Thank you for the response.
Hello,
> The system is 11.11. I'm *pretty* sure everything has been compiled
> with gcc. I'm compiling apache with gcc, but OpenLDAP and Openssl might
> have been compiled with something different. The apache install that
> works was definitely also compiled with gcc and uses the same install of
penSSL and OpenLDAP. There is no lsof on this system, but I might be
able to track down a copy.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Wednesday, September 12, 2007 11:43 AM
To: openssl-users@openssl.org
Subject: RE: SSL Lib
Hello,
I've missed that this is on hpux11.
Very important is what version you have: hpux1100, hpux,
hpux1123ia, hpux1123pa, hpux1131ia or hpux1131pa ?
> I added --with-ssl=/usr/local to the the configure options and
> recompiled. Although mod_ldap is still unhappy, that corrects the
> unresol
f Marek Marcola
Sent: Wednesday, September 12, 2007 9:41 AM
To: openssl-users@openssl.org
Subject: RE: SSL Library Error
Hello,
> Well, I recompiled AGAIN with no mention of the 0.9.8 library in any
of
> my environment variables. The resulting httpd binary showed no links
to
> the 0.9.8 li
Hello,
> Well, I recompiled AGAIN with no mention of the 0.9.8 library in any of
> my environment variables. The resulting httpd binary showed no links to
> the 0.9.8 libraries, just 0.9.7 (the system OS libraries). THIS one
> won't even start. I get an error of:
>
> /usr/lib/dld.sl: Unresolved
ssage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer,
On Tue, Sep 11, 2007 at 04:15:47PM -0400, Aaron Smith wrote:
> I'll see if I can figure out what's causing apache to link to 0.9.7. As
> far as I know, I've got all my environment variables set to look at the
> 0.9.8 libraries. It seems odd that the original compile would work
> though.
On any
EMAIL PROTECTED] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 4:12 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer, it looks like the httpd binary is
> lin
On Tue, Sep 11, 2007 at 03:34:13PM -0400, Aaron Smith wrote:
> Looking at the output of LDD closer, it looks like the httpd binary is
> linked to both libraries. BUT, I don't think this is the cause of the
> problem as the httpd binary that DOES work is ALSO linked this way
Being linked to b
Hello,
> I apologize in advance if this is not the correct forum for this
> question. I haven’t had much luck in the apache forums. I have an
> apache 2.0.55 installation that I’m attempting to recompile on an
> HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d
> installed in /op
@openssl.org
Subject: RE: SSL Library Error
Looking at the output of LDD closer, it looks like the httpd binary is
linked to both libraries. BUT, I don't think this is the cause of the
problem as the httpd binary that DOES work is ALSO linked this way
-Original Message-
From: [
D] On Behalf Of Victor Duchovni
Sent: Tuesday, September 11, 2007 1:57 PM
To: openssl-users@openssl.org
Subject: Re: SSL Library Error
On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:
> I apologize in advance if this is not the correct forum for this
> question. I haven't had
On Tue, Sep 11, 2007 at 01:43:50PM -0400, Aaron Smith wrote:
> I apologize in advance if this is not the correct forum for this
> question. I haven't had much luck in the apache forums. I have an
> apache 2.0.55 installation that I'm attempting to recompile on an HP-UX
> 11 system. It has mod_
On Tue, Sep 11, 2007 at 11:45:41AM -0400, Joseph Burch wrote:
> The suspicious libraries were /usr/sfw/lib/libcrypto.so.0.9.7 and
> /usr/sfw/lib/libssl.so.0.9.7, both in the SUN Solaris 10 distribution.
> Building openssl_0.9.7m from source using /opt/SUNWspro/bin/cc and
> swapping in the new
The suspicious libraries were /usr/sfw/lib/libcrypto.so.0.9.7 and
/usr/sfw/lib/libssl.so.0.9.7, both in the SUN Solaris 10 distribution.
Building openssl_0.9.7m from source using /opt/SUNWspro/bin/cc and
swapping in the new libraries cleared the problem.
Thanks, Joe
Joseph Burch wrote:
Fo
Hi (sorry for my english),
I got a similar problem.
openssl-0.9.7d has problems with some kind of ciphers; for example, my
client offers as first cipher AES256-SHA (Negotiated ciphers:
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1)
and when transmission starts I get:
Vladimir Litovka <[EMAIL PROTECTED]>:
> [Sun Sep 26 09:42:38 1999] [error] OpenSSL: error:0B080074:x509 certificate
> routines:X509_check_private_key:key values mismatch
>
> What does it mean?
Possible you installed the CA certificate instead of the certificate
created for your server (use "op
26 matches
Mail list logo
