Yeah, self-signed certs are absolutely useful - you just need to be very
careful which ones you trust for what.
Such certs are widely used to provide trust anchor information,
typically of root CAs,
but conceptually and pragmatically, as Jordan also stated below,
they can make much sense even
Yeah, self-signed certs are absolutely useful - you just need to be very
careful which ones you trust for what.
Such certs are widely used to provide trust anchor information,
typically of root CAs,
but conceptually and pragmatically, as Jordan also stated below,
they can make much sense even
Just to update - I found the section in one of the apps that copies the
extensions from the request. I was able to enable the EXT_COPY_ADD and was
able to get my SANS in the cert as well as the request.
On Wed, Apr 24, 2013 at 6:44 PM, Derek Cole wrote:
> Hello,
>
> I have some code which I am
Hello,
I have some code which I am using to generate a CSR and some code which I
am using to generate a cert using my cert authority.
If I view the CSR, I can see that my alt names were added correctly. If I
view the cert itself, the altnames are not there. I had kind of thought
that if I had a C
6:02 PM
To: openssl-users@openssl.org
Subject: accepting self signed
certs
hi..
My
test server has a list of trusted CAs. Now i also want to accept connections
requested by clients with self signed certificates. Any simple way to accept
the self signed certs ?
Thanks
in advance.
Samy
hi..
My test server has a list of trusted
CAs. Now i also want to accept connections requested by clients with self
signed certificates. Any simple way to accept the self signed certs ?
Thanks in advance.
Samy
On Tue, Nov 22, 2005 at 01:39:29PM -, Mark wrote:
> Hi,
>
> > It is still better to have a CA that signs certificates,
> > there are some
> > technical reasons in openssl,
> > it is simpler to program the trust checking, in fact with self signed
> > ce
Hi,
> It is still better to have a CA that signs certificates,
> there are some
> technical reasons in openssl,
> it is simpler to program the trust checking, in fact with self signed
> certs you need callbacks
> to accept them, while with a "trusted" CA, you don&#x
On Fri, Aug 27, 2004, Jim Adams wrote:
> I thought that at first, but I made similar certs with critical Key
> Usage parameters
> using openssl and openssl liked them.
>
If you certificate signing is absent from key usage (critical or not) then
the certificate wont be acceptable as an untrust
]
Subject: Re: Problem with some self-signed certs
Hello Jim,
Jim Adams wrote:
> I am experiencing a problem with self-signed server certificates
> generated by z/OS's pskkyman program in my openssl-enabled telnet
> client. Usually, a self- signed certificate will generate an err
Hello Jim,
Jim Adams wrote:
I am experiencing a problem with self-signed server certificates generated by
z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-
signed certificate will generate an error of "self-signed certificate" in my
certificate verify callback routine.
Hello,
I am experiencing a problem with self-signed server certificates generated by
z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-
signed certificate will generate an error of "self-signed certificate" in my
certificate verify callback routine. If I add the certi
-users@Subject: Newbie question, extending
life of self-signed certs beyond 30 days.
opens
Hi,
I have a RH 7.2 system running Apache 2.0.39 and
openssl-0.9.6b-8.
I used the openssl utilities to create a private key
and a self-signed certificate.
I noticed that my browser showed the certiciate having
a validity of only a month, so I went to the
/usr/share/ssl/openssl.cnf file and changed
Yeah, IE will complain. And how would people know
you are who you say you are.
thanks !
Aditya Roy
- Original Message -
From:
Darren Smith
To: [EMAIL PROTECTED]
Sent: Friday, March 15, 2002 06:44
PM
Subject: Self-signed certs
Hello All,
Are there any
Hello All,
Are there any inherent dangers in using
self-signed certificates over those available from Thawte, VeriSign,
etc?
Thanks.
On Thu, Mar 14, 2002 at 09:53:22AM -0800, Randy Bias wrote:
> The situation:
>
> - Running openssl-0.9.6b, apache-1.3.22+ssl, prngd-0.9.23.
> - Attempting to created self-signed cert for Apache-SSL
> server.
> - prngd is running:
>
> root 569 1 0 Mar 12 ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gentlepeoples,
I'm sure this question has been asked many times, but unfortunately,
I can't seem to find any very good information on the subject. I've
looked at openssl sites/FAQs, apache-ssl, and others, but it's just
plain missing. So
On 18 Feb 2002 at 9:48, Göran Fröjdh wrote:
> Hello.
> I'm running a small Intranet with various clients (Win32, Linux, Mac OSX).
> Now, I want to provide access via client certificates which I sign with my
> own CA.
>
> Everything works just fine when generating pkcs12 certifcates which are
> i
Hello.
I'm running a small Intranet with various clients (Win32, Linux, Mac OSX).
Now, I want to provide access via client certificates which I sign with my
own CA.
Everything works just fine when generating pkcs12 certifcates which are
imported automatically in IE 5.x/6.x on Win 32. However, I c
Additionally since it is a self signed certificate place it in both the "My"
store and the "Root" store.
Ryan
-Original Message-
From: Ryan Hurst [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 4:33 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Im
using the MMC Certificate Management tool to import
the certificate instead.
Ryan
-Original Message-
From: Tony Lill [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 14, 2001 2:27 PM
To: [EMAIL PROTECTED]
Subject: Importing self-signed certs into Outlook
I've managed to get
Dr S N Henson wrote:
> Oops, didn't read the query enough. It may well not be possible to
> actually use a self signed user certificate. Netscape also has problems
> with this in that the same certificate has to be a user and CA
> certificate. You may have to create a self signed root CA and sign
Dr S N Henson wrote:
>
> Tony Lill wrote:
> >
> > I've managed to get outlook to work with stunnel and a self signed
> > certificate for both sending and recieving mail. The only problem is
> > that outlook keeps whining about not being able to verify the cert
> > because the root certificate is
Tony Lill wrote:
>
> I've managed to get outlook to work with stunnel and a self signed
> certificate for both sending and recieving mail. The only problem is
> that outlook keeps whining about not being able to verify the cert
> because the root certificate is not trusted.
>
> I tried importing
I've managed to get outlook to work with stunnel and a self signed
certificate for both sending and recieving mail. The only problem is
that outlook keeps whining about not being able to verify the cert
because the root certificate is not trusted.
I tried importing it with the Certificate Manager
i wonder if it's possible to tell Internet Explorer to trust self-signed
certs(aka test certs).. Netscape Navigator/Communicator 3 or above lets me
to do this (trust cert for session/until cert expires) but IE seems complain
everytime (issuer of cert unknown - cant establish secure conne
Hello, I create dsa self-signed certs with the following
sequence:
openssl dsaparam -rand rand.txt -out keys\dsa2.par
1024 openssl req -config CAconf.conf -x509 -newkey dsa:keys\dsa2.par
-keyout keys\dsa2.prk -out certs\dsass2.pem -days 730 -extensions v3_ca -passin
pass:MyTailorIsRich
Sorry if this is a
little off topic...
I'm hoping someone
has had the experience of using self signed certs for use with the Oracle
Application Server(uses Spyglass webserver). Need to do this for testing
SSL enablement of OAS, before moving to production. After signing (with
op
I believe that the following command should do what you need. It's not
described in detail in the openssl docs (that I could see), but if you RTFM
the docs for related packages, it soon becomes apparent.
openssl req -new -x509 -nodes -out .pem -keyout .pem \
-days 999
Anybody else know of a bett
30 matches
Mail list logo
