In addition to however OpenSSL does it, you can see how it’s done here:
https://metacpan.org/release/Crypt-Perl/source/lib/Crypt/Perl/X509/Extension/ct_precert_scts.pm
https://metacpan.org/release/Crypt-Perl/source/lib/Crypt/Perl/X509/Extension/ct_precert_poison.pm
-F
> On Jan 10, 2021, at 12:
Server shall use it's own private key to sign the cert req. Your code is
trying to use public key from the certificate request.
Use
*X509_sign(m_req_reply, m_pukey, EVP_md5()); *
instead of
*X509_sign(m_req_reply, pkey, EVP_md5());*
Your notation is little confusing. When an RSA structure is assi
You can check IETF RFC 4523 for the schema.
On Wed, Nov 23, 2011 at 4:51 PM, prabhu kalyan rout wrote:
> Thanks for the document. This document tells me about the ldif file
> but its not saying anything about
> the schema. I need step by step procedure.
>
> please help
>
>
> On Mon, Nov 21, 2011
Thanks for the document. This document tells me about the ldif file
but its not saying anything about
the schema. I need step by step procedure.
please help
On Mon, Nov 21, 2011 at 9:51 PM, Erwin Himawan wrote:
> Although, this doc is outdated, I find that this doc is
> helpful: http://vandervl
Although, this doc is outdated, I find that this doc is helpful:
http://vandervlies.xs4all.nl/~andre/Docs/pkildap.html
On Mon, Nov 21, 2011 at 7:53 AM, prabhu kalyan rout wrote:
> Hi,
> I am trying to store user certificates to ldap. But i dont know how to do
> it.
>
> Can anybody please tell m
Thank you.
--satish
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Brad Mitchell
Sent: Tuesday, June 09, 2009 12:55 AM
To: openssl-users@openssl.org
Subject: RE: Certificates in a buffer
You could do this to read in a
> Hi All
>
> I have certificate and private key in a buffer (not in a file). How do
> I pass on these to OpenSSL with out storing in a temp file? In other
> words are there any APIs that take certificate from a buffer instead
> of a file?
>
> I could only find APIs that expect a file argument or X
You could do this to read in a certificate:
X509* loadCert(const char* inputBuffer)
{
BIO *cert = NULL;
X509* x509Cert = NULL;
cert = BIO_new_mem_buf(inputBuffer, -1);
if (cert)
{
X509Cert = PEM_read_bio_X509(cert, NULL, 0, NULL);
}
Hi Renato,
On Wed, Jul 2, 2008 at 6:27 PM, Renato Araújo Ferreira
<[EMAIL PROTECTED]> wrote:
> Hello,
>
> I have a program that is installed in some desktops to listen for
> connections from a client that connect to this desktop to gathe some
> information about the system. The problem is that the
I see these in ssl.h
int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d);
and I've used the SSL_CTX_use_certificate_ASN1(), with 'd'
being a DER encoded cert in a buffer
Bhagvan
David Schwartz <[EMAIL PROTECTED]> wrote:
> i mean is there any equivalent function for
> SSL_CTX_use_certificate_chain_file which takes certificate buffer
> instead of certificate file name.
Just look at the source code to SSL_CTX_use_certificate_chain_file. As I
recall (it has been awhile) you will find code in there that address the
c
> > and you've just multiplied your public key computation
> > load by a factor of three of four.
> No, you "merely" double it. One - check that the identity cert is
> valid, two
> - that the attribute cert that *you* are interested in (out of a
> dozen that
> may be attached to this identity cer
> For both the responses I got, it looks like the server need
> to access the information (whether identity or attribute or
> whatever) present in the certificate and use that to decide
> the permissions for the peer that represented this certificate.
> Is my understanding correct?
Partially so
> Well, the Subject Distinguished Name should have the
> Organization...
Can you envision long-lived certs issued by gov't - like passports? In that
case, Organization would not have the same semantics. But this is less
relevant for our discussion.
> ...but I strongly disagree with you if you th
On 2007.05.25 at 08:16:19 -0400, Mouse wrote:
> I'm driving at Attribute Certificates. They are supposed to have shorter
> life than identity certs, but still long enough to be usable.
I've seen project to add attribute certificates to OpenSSL.
http://openpmi.sourceforge.net/
You can try to down
Thank you very much for the response.
For both the responses I got, it looks like the server need to access the
information (whether identity or attribute or whatever) present in the
certificate
and use that to decide the permissions for the peer that represented this
certificate.
Is my understandi
Mouse wrote:
> I.e. for the sake of the argument identity
> "Michael" may have an attribute "employee of Tenebras", and another
> attribute "permitted access to dev repository A12".
Well, the Subject Distinguished Name should have the Organization,
but I strongly disagree with you if you think a
> > ... is it necessary to
> > issue ONE certificate to EACH individual.
>
> Yes. The problem of granting access based on membership in a
> group is an authorization problem.
Correct.
> This doesn't have
> anything to do with certificates -- permissions and roles
> change independently of
Urjit Gokhale wrote:
It seems that you are making the common mistake of conflating authentication
with authorization. Certs are useful in binding pubkeys to identities and
subsequently in verifying possession of the private key by being able to
perform decryption.
The SSL protocol has provision
Hello,
> I would like to have your opinion on one scenario, and my approach to
> provide needed functionality:
> 1) I have a server that listens to connection requests from the clients over
> the internet (meaning anyone and everyone who knows my ip/port can send me
> connection request. I am not b
Still no response :-(
Could someone please help me clarify my doubts?
thanks,
~ Urjit
- Original Message -
From: "Urjit Gokhale" <[EMAIL PROTECTED]>
To:
Sent: Thursday, May 24, 2007 4:28 PM
Subject: Re: Certificates, users and machines
> Thanks for your reply.
>
: "Kyle Hamilton" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, May 16, 2007 4:45 PM
Subject: Re: Certificates, users and machines
> A certificate binds the public key of a public/private (asymmetric)
> key pair with additional information.
> A certificate is trusted by some trusting
I hope this information helps.
-Kyle H
Thank you for your response and information about the proxies.
I now have a feeling that to write a verification callback function, I will
need to
retrieve the information stored in the certificate that the peer has sent
to me.
If you want t
> A certificate binds the public key of a public/private (asymmetric)
> key pair with additional information.
> A certificate is trusted by some trusting authority. In most cases,
> this is a certifying authority (CA) -- and the asymmetric signature
> by the CA is an assertion that the CA believes
On 2007.05.16 at 16:03:38 +0530, Urjit Gokhale wrote:
>Hello everyone,
>
>I have some doubts about certificates, which I wish to get clarification
>on.
>
>Here is my understanding about certificates:
>* Certificates bind the public key with some other information like the
>
A certificate binds the public key of a public/private (asymmetric)
key pair with additional information.
A certificate is trusted by some trusting authority. In most cases,
this is a certifying authority (CA) -- and the asymmetric signature
by the CA is an assertion that the CA believes tha
Hi VKG
The problem statement confuses me but we had a problem to infinite
host on a single secure server between our client and server and we
chose N Contexts that are loaded with SSL certificate of the server
requested (we know that from our helper program) generated on runtime
and clients accep
I'm not entirely certain what you're asking here. Usually, clients
have a list of CAs that they trust, and a list of personal
certificates to which they have the private keys. If a server
requests a certificate and gives a certain CA, the client can
automatically send the certificate they have f
Hi Goetz,
> At least my c_rehash expects CA certs to have the suffix .pem.
> And since the -CApath param needs hashes generated by c_rehash
> to find the certificates, it will fail...
>
> Fix the extension to .pem, run c_rehash and verify should
> succeed...
Thanks. That does it :-)
Cheers,
Mark wrote:
cat /*.pem >ca.pem
openssl verify -CAfile ca.pem cert_to_check
works, there is something really strange with your system ...
Same error:
error 20 at 0 depth lookup:unable to get local issuer certificate
This indicates that your CA certificate is not in any of the *.pem
files in you
Hi Goetz,
> >> cat /*.pem >ca.pem
> >> openssl verify -CAfile ca.pem cert_to_check
> >> works, there is something really strange with your system ...
> >
> > Same error:
> >
> > error 20 at 0 depth lookup:unable to get local issuer certificate
>
> This indicates that your CA certificate is not
Mark wrote:
Hi Goetz,
But since you are using an own program, this doesn't matter.
Could you do an
c_rehash
openssl verify -CApath cert_to_check
error 20 at 0 depth lookup:unable to get local issuer certificate
If this doesn't work, but a
cat /*.pem >ca.pem
openssl verify -CAfile ca.pem
Hi Goetz,
> But since you are using an own program, this doesn't matter.
>
> Could you do an
> c_rehash
> openssl verify -CApath cert_to_check
error 20 at 0 depth lookup:unable to get local issuer certificate
> If this doesn't work, but a
> cat /*.pem >ca.pem
> openssl verify -CAfile ca.pem
Mark wrote:
Hi Goetz,
Hello Mark,
You point at it in the context before the handshake. You can either
point at a dir full of digest named ones or a specific
root cert file.
Strangely I tried the former which did not work. The latter method
appears to work fine (it connected and exchanged d
Hi Goetz,
> >> You point at it in the context before the handshake. You can either
> >> point at a dir full of digest named ones or a specific
> root cert file.
> >
> > Strangely I tried the former which did not work. The latter method
> > appears to work fine (it connected and exchanged data
Mark wrote:
You point at it in the context before the handshake. You can either
point at a dir full of digest named ones or a specific root cert file.
Strangely I tried the former which did not work. The latter method
appears to work fine (it connected and exchanged data anyway).
did you a
Mark wrote:
in OPENSSL_DIR/ssl/misc is a demo script that does something like
a very small and dump CA...
I don't seem to have this directory.
Replace OPENSSL_DIR with the installation path of your openssl
version...
Bye
Goetz
--
DMCA: The greed of the few outweighs the freedom of the many
Hi Katie,
Thanks again for your help.
> > How does the client get the root certificate? Is it
> automatically sent
> > to the client during the handshake or does the client need
> to load it from some file?
>
> You point at it in the context before the handshake. You can either
> point at a d
On Thu, Nov 24, 2005 at 03:06:05PM -, Mark wrote:
> Hi,
>
> > You load the server cert with SSL_CTX_use_certificate_file()
> > and the CA... certs with SSL_CTX_use_certificate_chain_file()
> > Normally you don't have to load the root because the
> > client has to have the root cert to verify
Hi,
> You load the server cert with SSL_CTX_use_certificate_file()
> and the CA... certs with SSL_CTX_use_certificate_chain_file()
> Normally you don't have to load the root because the
> client has to have the root cert to verify the chain...
How does the client get the root certificate? Is it
On Wed, Nov 23, 2005 at 02:41:17PM -, Mark wrote:
> Thanks Katie,
> I tried your makefile but it did not work for me (I did change the paths
> and fix the missing TABs) but it failed with the error. The rule for
> %.cert
> looks ok to me:
>
> gmake: *** No rule to make target `sv.cert', need
Mark wrote:
Hi,
Hello,
# openssl req -newkey rsa:1024 -keyout nuckey.pem
-keyform PEM -out nucreq.pem -nodes -outform PEM
What are these key files for?
I'm still not sure what these files are for. I guess that the
nuckey.pem is a private key (does this need loading with
SSL_CTX_use_certifi
Thanks Katie,
> And then we say "make certs" and it makes the certificates up to date.
I tried your makefile but it did not work for me (I did change the paths
and fix the missing TABs) but it failed with the error. The rule for
%.cert
looks ok to me:
gmake: *** No rule to make target `sv.cert'
Hi,
> >>> # openssl req -newkey rsa:1024 -keyout nuckey.pem
> >>> -keyform PEM -out nucreq.pem -nodes -outform PEM
> >>>
> >>> What are these key files for?
> >
> > I'm still not sure what these files are for. I guess that the
> > nuckey.pem is a private key (does this need loading with
> > SS
On Tue, Nov 22, 2005 at 01:35:22PM -, Mark wrote:
> Hi,
>
> Thanks for all the help everyone.
>
> > We're signing the certificates for users. They call up the servers and
> > present a certificate which authorises them. The root certificate is
> > stored on the servers, and the fingerprint of
Mark wrote:
Hi,
The following command seems to create a new public and private key:
# openssl req -newkey rsa:1024 -keyout nuckey.pem -keyform PEM -out
nucreq.pem -nodes -outform PEM
What are these key files for?
I'm still not sure what these files are for. I guess that the
nuckey.pem
is
Hi,
Thanks for all the help everyone.
> We're signing the certificates for users. They call up the servers and
> present a certificate which authorises them. The root certificate is
> stored on the servers, and the fingerprint of it is stored in custom
> silicon (so no-one can change the entire h
On Tue, Nov 22, 2005 at 09:14:58AM -, Mark wrote:
> I'm still not sure what these files are for. I guess that the
> nuckey.pem
> is a private key (does this need loading with
> SSL_CTX_use_certificate_chain_file?).
> I guess the nucreq.pem is the public key which requires signing. Do I
> ne
Hi,
> Now a self signed certificate is something like someone saying "I am
> your Trusted Partner. You can trust me because I have a
> passport which I
> issued myself". You can believe in this if for example you
> can check the
> key's fingerprints with your partner over telephone. But if
Mark wrote:
1) you create a private key ( this is the secret key ... )
2) you create a public key corresponding to the private key. This key
can not be reversed to get a private key, tat is the main advantage of
public key cryptography.
Ok. I understand this. Would the following command
> 1) you create a private key ( this is the secret key ... )
>
> 2) you create a public key corresponding to the private key. This key
> can not be reversed to get a private key, tat is the main advantage of
> public key cryptography.
Ok. I understand this. Would the following command do these t
Mark,
I am not sure why you would want to sign the private key but I am sure
there might be a reason some where.
All you should need to sign is the certificate request (cert.req) after
signing the certificate request it is likely that you will want to put
your related certificates and keys i
Hi Dinesh & All,
> Now the different files u need to create for setting up the CA,
>
ok, I think understand the purpose of the files cacert.pem (public key),
private/cakey.pem (private key), index.txt and serial.
What I don't understand is what files require signing and what to do
with the priv
Mark,
I am assuming that you are aware of the need for certificates (need for
public key Cryptography).
Now reg ur query on creating those files to set up a CA, the need for a
CA (in u r client server arch and very simple terms) is to provide all
the clients with some credentials that will provid
Certificates are a lot like pgp keys with one difference the public key
has be wrapped with the Public Key infrastructure (PKI). So a public
cert will not only contain the public key but it will also contain
information about what the key can be used for (signing, encrypting,
server, client, CA
It is possible to use Apache to support multiple SSL protected
sites on one machine.
The trick is to add IP aliases. Each site needs its own IP address,
its own domain and its own certificate. Apache can handle this.
So basically everyone is mostly right ;-).
Erwann ABALEA wrote:
> The problem
On Wed, 5 Dec 2001, Jason Hendriks wrote:
jason> Even with Apache? Surely you can configure the web server to virtual-host
jason> two separate domains both with SSL support?
You can have multiple SSL services (httpd, ipop, etc..) each one
setup on different domains. But you can't have t
The problem is not from Apache or whatever the web server you use. The
point is that named virtual host is not possible with SSL.
The very first thing that comes with an HTTPS connection is the SSL
handshaking, and then the HTTP request. In the SSL handshaking, the server
sends the certificate to
haikel wrote:
>
> I need to develop an application that allows me to update, automaticaly,
> netscape and IE with new certificates and private keys.
IMHO this is not possible in general since the user's certificate
and key database is hopefully protected with his/her passphrase.
If you want to
looking into the latest snapshot it seems that in apps/x509.c
there should be one line added (the last one), or at least
putting the test inside the following if (ok) 'then' branch.
static int MS_CALLBACK callb(int ok, X509_STORE_CTX *ctx)
{
int err;
X509 *err_cert;
lto:[EMAIL PROTECTED]]
> > Sent: 25 January 2001 14:34
> > To: [EMAIL PROTECTED]
> > Subject: Re: Certificates with many Virtual host
> >
> >
> > Reiner Buehl wrote:
> > >
> > > There is a (not recommended) possibility for this: If all
> >
Sent: Thursday, January 25, 2001 7:43 AM
To: [EMAIL PROTECTED]
Subject: Re: Certificates with many Virtual host
Reiner Buehl wrote:
> Hi,
>
> > a) Can I make my on certificate valid for many host names ?
>
> There is a (not recommended) possibility for this: If all of your h
Reiner Buehl wrote:
> Hi,
>
> > a) Can I make my on certificate valid for many host names ?
>
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard certificate".
> This is a certificate with a hostname like '
It appears that you are not using one IP address for each virtual host. Once
you've configured those correctly the error should go away.
-
Happy new Millennium - http://www.rog.nmm.ac.uk/mill/index.htm
John Airey
Internet Systems Support Officer, ITCSD, Royal National Institute for the
Blind,
Ba
IL PROTECTED]
> Subject: Re: Certificates with many Virtual host
>
>
> Reiner Buehl wrote:
> >
> > There is a (not recommended) possibility for this: If all
> of your hosts
> > belong to the same domain you could generate a so called "wildcard
> >
Reiner Buehl wrote:
>
> There is a (not recommended) possibility for this: If all of your hosts
> belong to the same domain you could generate a so called "wildcard
> certificate".
> This is a certificate with a hostname like '*.mydomain.org'
AFAIK this does not work with M$ IE.
Ciao, Michael.
On Tue, Dec 05, 2000 at 02:22:50AM -0500, Jean-Francois Malouin wrote:
> I can now use mutt/uw-imap-2000/openssl with cram-md5 authentication!
> So far I have mutt-1.3.9i on Linux and irix working. Mutt-1.2.5i does
> not seem to like cram-md5 authentication and pine-4.30 (compiled with
> openssl-0
Hello Lutz,
* Lutz Jaenicke ([EMAIL PROTECTED]) [20001129 14:36] thus spake:
[much elition]
>
> Please do a openssl rsa -in privkey.pem -text
> If the data is listed without password, you'r done. If not, the PEM pass
> phrase wanted is the old one needed to decrypt the private key...
woah! Th
Hi Sergio,
thanks for your response. I have some more questions and
would greatly appreciate it if you, or somebody else could
help me some more.
Sergio Rabellino wrote:
> Jacobus van der Merwe wrote:
> > ...
> > [Netscape says certs are accepted for 'People' but there is
> > nothing there]
From: Sasa Vucenovic <[EMAIL PROTECTED]>
svucenovic> I used demo demos/selfsign.c to create X.509v3 certificate
svucenovic> ( a bit modified ). Now, I would like to verify that
svucenovic> certificate with apps/verify.c application but it expects
svucenovic> certificate to be in PEM format.
And
On Mon, 24 Jul 2000, ppruett wrote:
>
> FYI for list users, we to have searched long and hard
> for the steps to be a "bundled root CA"
>
...
>
> I think that it would be a good to have a section on "bundled root CA"
> for Simos' bookon openpki http://ospkibook.sourceforge.net
> If anyone
on being a bundled Root CA-
I suspect that a root CA will some local laws and policies
to adhere to and declare that they adhere to law/policy numbers number
such and such...
Then I suspect the web browsers writers will want a nominal setup fee
$1K + ? to review an application and a couple of
At 04:06 AM 7/24/00, you wrote:
>You can get a trial one (e.g. at Verisign), or build your own CA
You don't need to build your own CA for a single cert, .. a CA is only required (IIUC)
to manage *client certs*.
>I think a good certificate is made of two things, trust (in the CA), and
>availabil
FYI for list users, we to have searched long and hard
for the steps to be a "bundled root CA"
No one seems to be able to give us an answer at Microsoft,
nor locate an accurate URL, guess that is no suprise.
The best we got from Netscape was this URL
http://home.netscape.com/security/caprogram/
At 07:11 AM 7/24/00, you wrote:
>1. Are there free certificates somewhere?
Yes. You can build your own (see the OpenSSL docs for creating a CSRT), .. the only
difference is that you will not have traceability to a root cert, and any users will
get the dialog boxe(s)'do you really trust this sit
On Mon, 24 Jul 2000, Michael Beaucourt wrote:
> Hi,
>
> I'm working on a Redhat Linux 6.1 system (soon 6.2) and I am relatively
> new to SSL. But I will need the technology in the near future for an
> e-commerce solution. Now, after reading some stuff I understand you need
> to buy a server
> > 1. Are there free certificates somewhere?
>
> You can get a trial one (e.g. at Verisign) or build your own CA
If building your own, your customers will need to download your homemade
CA-cert and verify its fingerprint offband somehow. This could be a
solution when having few customers coming
Michael Beaucourt wrote:
> Hi,
>
> I'm working on a Redhat Linux 6.1 system (soon 6.2) and I am relatively
> new to SSL. But I will need the technology in the near future for an
> e-commerce solution. Now, after reading some stuff I understand you need
> to buy a server certificate. I have visite
On Wed, 26 Apr 2000, David Oppenheim wrote:
> Is there a standard way, or has anyone come up with a way, of reasonably
> easily building a certificate into compiled code ? I guess I can think
> of several, but if there's a (semi)standard, I'd rather follow it, and not
> reinvent the wheel.
one
winterlion wrote:
>
> Okay, I'm trying to get a test WWW-server setup.
> And am not ready yet to pick up official cert...
>
> Is it possible to run a test-cert for a short period (and how to limit
> period) that at least netscape 4 will accept (though maybe with a
> warning)?
You could simple u
suvvia ... strings e' uno stupidissimo comando (sotto unix) che estrae
le "stringhe" (null terminate) da un eseguibile
Quindi con "strings " si intende dai il comando
strings passandogli come argomento il nome con cui hai chiamato il netscape
(eseguibile) sul tuo sistema
R.
Massimo Ca
Michael Ströder wrote:
>
> HI!
>
> I'm currently having a hard time integrating support for MS Internet
> Explorer 4+ into my poor man's CA package pyCA.
>
> I managed to generate a certificate request and get the issued
> certificate installed into IE with some small VBScript code.
>
> But I
Olga Antropova wrote:
>
> Hi,
>
> I am in US and have to deal with export regulations on the encryption level.
> Does anyone know how the private/public key length is affected by those?
> Should the keys be 512 bits?
>
Disclaimer: I'm no expert on this (not being in the US) but...
I believe (
On Mon, 28 Jun 1999, Martin Kuba wrote:
> ...
> Thanks you all for help. I have found this link:
> http://www.columbia.edu/~ariel/good-certs/ns45/
> on www.openssl.org which leads to a page
> with certificates extracted from Netscape4.5
you can also try the attached perl script for exporting Net
Or you can just grab them here:
http://www.e-softinc.com/cacerts.txt
These are the certs we've grabbed as part of an SSL
survey that we are compiling. (Compiled from a variety of
sources, including Netscape 4.0, I believe)
Note the URL must be visited directly, it is not visible
by following an
Hallo,
Ups, sorry:
>You could try the folowing:
>1. load Netscape.exe in a editor capable of handling so big binary files.
>
>2. search for the string MIIC
Just search for the string MII.
There should be some non printable char in front of it.
>3. extract everything until the next unprintable c
At 17:27 25.06.99 +0200, you wrote:
Hallo,
>Goetz Babin-Ebell wrote:
>> At 10:01 24.06.99 +0200, you wrote:
>> >I know that major WWW browsers have a set of compiled-in
>> >certificates like Verisign, Thawte etc. I need the same
>> >for my application. Where can I find certificates
>> >for Verisi
EMAIL PROTECTED]]On Behalf Of Massimo Capodicasa
> Sent: Friday, June 25, 1999 5:27 PM
> To: [EMAIL PROTECTED]
> Subject: Re: certificates of major CAs
>
>
>
>
> Goetz Babin-Ebell wrote:
> >
> > At 10:01 24.06.99 +0200, you wrote:
> > >Hi,
> >
Goetz Babin-Ebell wrote:
>
> At 10:01 24.06.99 +0200, you wrote:
> >Hi,
> Hallo,
>
> >I know that major WWW browsers have a set of compiled-in
> >certificates like Verisign, Thawte etc. I need the same
> >for my application. Where can I find certificates
> >for Verisign, Thawte etc. ?
>
> You
At 10:01 24.06.99 +0200, you wrote:
>Hi,
Hallo,
>I know that major WWW browsers have a set of compiled-in
>certificates like Verisign, Thawte etc. I need the same
>for my application. Where can I find certificates
>for Verisign, Thawte etc. ?
You can extract the certificates from Netscape.
They
David A. Lee wrote:
>
> For example, IIS Server and IE and Netscape clients never ask me for
> pass phrases when using certificates. Does this mean as I suspect
> that those products are not really secure ? Or have they found another
> method to protect certificates from copying without requirin
"David A. Lee" wrote:
>
> I'm adding in SSL into a closed-system/product. I'm concerned about the
> protection of the client-side certificates. My (limited) understanding of
> crypto
> says that its critical to protect the client certificate otherwise
> authentication
> is compromised (anyone
92 matches
Mail list logo
