RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-12 Thread Paul Suhler
Two weeks ago Viktor Dukhovni wrote: > Actually, SHA-2 SHOULD NOT (yet) be used for signing certificates. > > Many TLSv1 clients don't support SHA-2 and servers must present > SHA-1 certificates except when TLSv1.2 clients indicate SHA-2 support. > Fielding multiple certificates with different >

RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Marcus Schmitt > Sent: Monday, November 04, 2013 10:31 > I created the root-CA, Intermediate-CA and the servercert on my MAC > (10.8), afterwards I imported the file to my FreeBSD 9. > > When I try to create all the CA and certs on my FreeBSD directly I re

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-11-04 Thread Marcus Schmitt
Hello, there is one piece of information I forgot to mention in my previous mails; maybe this is the reason for the problem. I created the root-CA, Intermediate-CA and the servercert on my MAC (10.8), afterwards I imported the file to my FreeBSD 9. When I try to create all the CA and certs on my FreeBS

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Viktor Dukhovni
On Wed, Oct 30, 2013 at 06:13:51PM +, Paul Suhler wrote: > Note that SHA-1 is being deprecated by NIST for generating new > signatures. You may want to consider a SHA-2 algorithm (e.g., > SHA-224 or SHA-256). In principle it's still okay to *validate* > legacy signatures, e.g., SHA-1. Actua

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.
Hello Marcus, On 30.10.2013 19:26, Marcus Schmitt wrote: nameopt = default_ca certopt = default_ca What should these lines mean in your openssl.cnf? Can you do the following with each of your generated certificates: openssl x509

RE: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Paul Suhler
l.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Walter H. Sent: Wednesday, October 30, 2013 11:05 To: openssl-users@openssl.org Subject: Re: Signature Algorithm that was disabled because that algorithm is not secure Hello, On 30.10.2013 18:17, Marcus Schmitt wrote: > I have one problem

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Marcus Schmitt
Hello Walter, the problem is that the openssl.cnf file already includes this line: This is my file: === # OpenSSL configuration file. # # Establish working directory. dir = . [ ca ] default_ca = CA_default [ CA_default ] ser

Re: Signature Algorithm that was disabled because that algorithm is not secure

2013-10-30 Thread Walter H.
Hello, On 30.10.2013 18:17, Marcus Schmitt wrote: I have one problem after I created a root-CA, intermediate-CA and a server certificate. After I configured my apache with the server cert, key and intermediate cert and importing the root-CA to firefox 24 I received the following error when I

Re: Signature Algorithm

2011-01-10 Thread Karthik Ravikanti
9. Public key algorithm parameters: I used EVP_PKEY_print_param and printed to a mem bio. On Mon, Jan 10, 2011 at 3:53 PM, Karthik Ravikanti < karthik.ravika...@gmail.com> wrote: > Actually I'm working on a small wrapper for the X509 object. > > I need all the following: > >1. Version: got th

Re: Signature Algorithm

2011-01-10 Thread Karthik Ravikanti
Actually I'm working on a small wrapper for the X509 object. I need all the following: 1. Version: got this from X509_get_version(cert) 2. Serial number: got this from ASN1_INTEGER_get(X509_get_serialNumber(cert)) 3. Signature Algorithm as a string: got this from OBJ_nid2ln(X509_ge

Re: Signature Algorithm

2011-01-10 Thread Christian Hohnstaedt
On Mon, Jan 10, 2011 at 02:32:35PM +0530, Karthik Ravikanti wrote: > I remember seeing a method to get the signature parameters as a buffer. I > can't find it now. :-( OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)) returns a pointer to the string representation of the signature algorithm like "

Re: Signature Algorithm

2011-01-10 Thread Karthik Ravikanti
I remember seeing a method to get the signature parameters as a buffer. I can't find it now. :-( On Mon, Jan 10, 2011 at 2:13 PM, Karthik Ravikanti < karthik.ravika...@gmail.com> wrote: > Thanks, I discovered this too, by searching for X509_get_signature_type in > Google's codesearch tool. > Wher

Re: Signature Algorithm

2011-01-10 Thread Karthik Ravikanti
Thanks, I discovered this too, by searching for X509_get_signature_type in Google's codesearch tool. Where are these things documented anyway? On Mon, Jan 10, 2011 at 11:40 AM, Christian Hohnstaedt < christ...@hohnstaedt.de> wrote: > On Mon, Jan 10, 2011 at 10:51:21AM +0530, Karthik Ravikanti wro

Re: Signature Algorithm

2011-01-09 Thread Christian Hohnstaedt
On Mon, Jan 10, 2011 at 10:51:21AM +0530, Karthik Ravikanti wrote: > Hi, > > How can we get a string representation of a signature algorithm from a > certificate? X509 *cert; const char *sigalg = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm)); Cheers Christian __