Re: Self signed cert authorization

Jakob Bohm via openssl-users writes: > 2. cd to /etc/ssl/certs and run the command > /etc/sssl/certs# c_rehash > (This updates the numeric symlinks to certificates so openssl can > more easily find them). Thanks, I ended up finding c_rehash and that did the trick.

Re: Self signed cert authorization

s and that should fix it, but it doesn't. Even without > doing this, and using -verify_return_error, openssl s_client does not > refuse to connect to the server. Why is this and what else do I have to > do to convince the system that this self signed cert is OK? what distrib

Re: Self signed cert authorization

esn't. Even without doing this, and using -verify_return_error, openssl s_client does not refuse to connect to the server. Why is this and what else do I have to do to convince the system that this self signed cert is OK? Three suggestions, depending on what git send-email and your system do

Self signed cert authorization

and using -verify_return_error, openssl s_client does not refuse to connect to the server. Why is this and what else do I have to do to convince the system that this self signed cert is OK?

Re: [openssl-users] Self signed cert issue

I created the CA, then created the key for a Server then created a server.csr and generated the cert. openssl genrsa -out HOME_Root_CA.key 2048openssl req -x509 -new -nodes -key HOME_Root_CA.key -sha256 -days 3650 -out HOME_Root_CA.pemopenssl x509 -in HOME_Root_CA.pem -noout -text # Create priva

Re: [openssl-users] Self signed cert issue

On 15-09-17 15:58, Richard Olsen wrote: > I missed putting in the email  that i created all the certs as listed > below. SO i have the CA, Server and Client certs created. And tried to > do the pfx file for authentication with a "Soft cert" where i'll have to > configure later for a "hard cert" s

Re: [openssl-users] Self signed cert issue

I missed putting in the email that i created all the certs as listed below. SO i have the CA, Server and Client certs created. And tried to do the pfx file for authentication with a "Soft cert" where i'll have to configure later for a "hard cert" smartcard. ### Options fed into certs ## Country

Re: [openssl-users] Self signed cert issue

Sorry I left out half of my message. I created from CA down. As listed below. ### Options fed into certs ## Country Name (2 letter code) [XX]:US ## State or Province Name (full name) []:STATE ## Locality Name (eg, city) [Default City]:City ## Organization Name (eg, company) [Default Company L

Re: [openssl-users] Self signed cert issue

On 15-Sep-2017 06:24, Richard Olsen wrote: > When i click on advanced i see > > "host.local.com uses and invalid security certificate. The certificate is > not trusted because the issuer certificate is unknown. The server might not > be sending the appropriate intermediate certficates. An addistio

Re: [openssl-users] Self signed cert issue

On 15-09-17 15:24, Richard Olsen wrote: > "host.local.com uses and invalid security > certificate. The certificate is not trusted because the issuer > certificate is unknown. The server might not be sending the appropriate > intermediate certficates. An addistional root cert

[openssl-users] Self signed cert issue

I've run out of ideas on this and hope someone here can help me. I'm trying to set up SSL with self signed certificates. I'm on RHEL6 with httpd 2.2.15-60.el6.9_5 using firefox browser. I've created the certs with the following code: [CODE] ### Options fed into certs ## Country Name (2 letter co

[openssl-users] Updating (re-issuing) self-signed cert with keyid, issuer, serial AKI

Hi. I have the following certificate (below) and I’m trying to generate a new self-signed cert from it, but when I do so the issuer+serial get dropped from it. Looking at the CSR that gets generated as an intermediate step, I’m not seeing that information there. What do I need to do to "

Re: [openssl-users] Self signed cert issues

On Mon, Sep 19, 2016 at 06:55:37AM -0400, shawn wilson wrote: > End goal - I don't want the machine (curl, wget, git, etc) to throw errors > when accessing a site that I trust (ie, within the company). When you add a certificate to the trust store (CAfile or CApath), it will be a trust-anchor for

[openssl-users] Self signed cert issues

End goal - I don't want the machine (curl, wget, git, etc) to throw errors when accessing a site that I trust (ie, within the company). [root@srwilson-centos7 anchors]# openssl s_client -showcerts -connect site.com:443 /dev/null|openssl x509 -outform PEM > site_git.pem [root@srwilson-centos7 ancho

RE: Firefox unhappy with my self signed Cert

>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Friday, 12 October, 2012 11:51 >As some additional info, I am suspecting this may be an issue with my config file. >I am using the same config file I used to set up my certificate authority, >which has under [ req ] a

Re: Firefox unhappy with my self signed Cert

As some additional info, I am suspecting this may be an issue with my config file. I am using the same config file I used to set up my certificate authority, which has under [ req ] a couple of values plugged in - for one, prompt=no, because I didnt want it to prompt me for values. It also has a v

RE: Firefox unhappy with my self signed Cert

>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Friday, 12 October, 2012 17:06 >Interesting. While I was playing around with this, I actually >noticed that if I use the -subj option on the CSR, I am not able >to do this. I was able to get it working by adding the common nam

Re: Firefox unhappy with my self signed Cert

Interesting. While I was playing around with this, I actually noticed that if I use the -subj option on the CSR, I am not able to do this. I was able to get it working by adding the common name on the actual cert generation from that CSR. The config file was modified so that for my priority_match,

RE: Firefox unhappy with my self signed Cert

>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Friday, 12 October, 2012 11:22 >So I think you were right. I used a command to view the CSR >that I generated with the following: >openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr >-keyout /tmp/privkey.c

Re: Firefox unhappy with my self signed Cert

So I think you were right. I used a command to view the CSR that I generated with the following: openssl req -new -nodes -subj "/CN=www.myserver.com" -out /tmp/file.csr -keyout /tmp/privkey.csr -config /my/openssl.cnf when I do this though, I noticed that my subject line, which I view with opens

Re: Firefox unhappy with my self signed Cert

> > -Original Message- > From: owner-openssl-us...@openssl.org > [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson > Sent: Thursday, October 11, 2012 5:13 PM > To: openssl-users@openssl.org > Subject: RE: Firefox unhappy with my self signed Cert > > >

RE: Firefox unhappy with my self signed Cert

11, 2012 5:13 PM To: openssl-users@openssl.org Subject: RE: Firefox unhappy with my self signed Cert >From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills >Sent: Thursday, 11 October, 2012 19:40 Some minor points: >How do you specify the name (URL) of the Web site in Firefox?

RE: Firefox unhappy with my self signed Cert

>From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills >Sent: Thursday, 11 October, 2012 19:40 Some minor points: >How do you specify the name (URL) of the Web site in Firefox? >Do you use exactly the same name as you use with the test client >(and the name in the certificate)? OP's

RE: Firefox unhappy with my self signed Cert

>From: owner-openssl-us...@openssl.org On Behalf Of Derek Cole >Sent: Thursday, 11 October, 2012 19:03 >i have a server that is running a custom app that can accept >a SSL connection. I generate a cert on each server, that is >signed by my own CA. I tested whether this worked or not by >using t

Re: Firefox unhappy with my self signed Cert

On 12 Oct 2012, at 1:40 AM, "Charles Mills" wrote: > How do you specify the name (URL) of the Web site in Firefox? Do you use > exactly the same name as you use with the test client (and the name in the > certificate)? > > Firefox is saying the certificate is for myserver but you are specifyi

Re: Firefox unhappy with my self signed Cert

On 12 Oct 2012, at 1:03 AM, Derek Cole wrote: > I installed my_server_cert.pem as a trusted authority in firefox, however, it > still prompts that it is an "Untrusted Connection" and has the button to add > security exception. When I click this button, I noticed that under > Certificate Status

RE: Firefox unhappy with my self signed Cert

: Thursday, October 11, 2012 4:03 PM To: openssl-users@openssl.org Subject: Firefox unhappy with my self signed Cert Hello, I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem). i have a

Firefox unhappy with my self signed Cert

Hello, I sort of posted about this earlier, but I think this is a more concise question (as the previous replies were helpful for me to start debugging the problem). i have a server that is running a custom app that can accept a SSL connection. I generate a cert on each server, that is signed by

Rertrieving a public key from a self signed cert

Hi Cool SSL people. I am trying to extract the public key of a self signed cert…Here is how I am doing, and what the problem is: I set a verify call back function, in which I do: X509 *cert = X509_STORE_CTX_get_current_cert(x509_ctx); int depth = X509_STORE_CTX_get_error_depth(x509_ctx

RE: self signed cert verification is failed

thanks a lot for the answer. that makes sense. Dave Thompson-5 wrote: > > OpenSSL implements a self-signed cert as issued by itself > (which it kind of is) and so won't recognize it if > KeyUsage is present and does not allow keyCertSign. > -- View this messa

RE: self signed cert verification is failed

> From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li > Sent: Monday, 20 February, 2012 14:55 > To: openssl-users@openssl.org > Subject: self signed cert verification is failed > we have a server which has a self signed certificate, however > when we tried > to u

self signed cert verification is failed

verify the first certificate) --- Attached is the ca file which has the self signed cert http://old.nabble.com/file/p33359051/serverCert.pem serverCert.pem . We used self signed cert before and we didn't see any verification issues before. I am thinking that it might be that openssl doesn

Re: strange behavior of self signed cert ???VeriSign Class 3 Public Primary Certification Authority - G5???.

cert expired problem. So not sure if this luck is related with depth of the verification (depth: 2 vs 3). -- View this message in context: http://old.nabble.com/strange-behavior-of-self-signed-cert-%E2%80%9CVeriSign-Class-3-Public-Primary-Ce

Re: strange behavior of self signed cert ???VeriSign Class 3 Public Primary Certification Authority - G5???.

On Wed, Dec 22, 2010, Pingzhong Li wrote: > > Didn't see any reply, thought I will ask one simpler questions again. > > If for one root Certificate, there are both expired and unexpired cert (same > DN) at the CA file, which one will be used during certificate verification? > >From testing, if t

Re: strange behavior of self signed cert “VeriSign C lass 3 Public Primary Certification Authority - G5”.

nabble.com/strange-behavior-of-self-signed-cert-%E2%80%9CVeriSign-Class-3-Public-Primary-Certification-Authority---G5%E2%80%9D.-tp30506166p30507116.html Sent from the OpenSSL - User mailing list archive at Nabble.com.

strange behavior of self signed cert “VeriSign Cla ss 3 Public Primary Certification Authority - G5”.

uth ority - G5 i:/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority Just wonder what sequence openssl is used to build up the certification verification chain. Is this an openssl bug? Do you see this problem before? Really appreciated. Thanks, Pingzhong Li --

Re: self-signed cert without private key file

carock wrote: Unfortunately, I'm dealing with an HP Proliant server. Specifically the iLO interface which is a backend management device embeded in the server. This device has it's own SSL cert from the factory. With the latest rounds of updates from Firefox, that browser now complains "my cert

Re: self-signed cert without private key file

ivate one such as "serverfoo.local". > > Where are you getting the CSR from if you don't have a private key? > > Regards, > Graham > -- > > > -- View this message in context: http://www.nabble.com/self-signed-cert-without-private-

Re: self-signed cert without private key file

carock wrote: Can the same process be duplicated without going commercial? I need a certificate that doesn't use a FQDN for the common name and I haven't found a commercial one that allows that. Set up your own CA, and issue your own certificates to your own requirements. The problem then boi

Re: self-signed cert without private key file

ributed in the form of root certificates.) -Kyle H -- View this message in context: http://www.nabble.com/self-signed-cert-without-private-key-file-tp22609395p22621760.html Sent from the OpenSSL - User mailing list archive at Nabble.com. __

Re: self-signed cert without private key file

3:25 PM, carock wrote: > > I need to generate a self-signed certificate from a normal CSR file. I don't > have the private key that goes with the CSR though. > > All of the examples for generating a self-signed cert have the private key > file listed in the command string. I

self-signed cert without private key file

I need to generate a self-signed certificate from a normal CSR file. I don't have the private key that goes with the CSR though. All of the examples for generating a self-signed cert have the private key file listed in the command string. I tried running it without it and it fails though.

Re: Verisign CA Self-Signed Cert Error?

I am using s_client and s_server right now and it is working for me. I specify the -certs file and the CAfile for the root. Josh wrote: Hello, We are getting an odd self-signed cert error when using openssl s_client to test the connection for a web service on an internal server. This

Verisign CA Self-Signed Cert Error?

Hello, We are getting an odd self-signed cert error when using openssl s_client to test the connection for a web service on an internal server. This service is protected by a Verisign certificate. Hitting the service with a web browser indicates a completely secure chain. How do we present

Re: EVP_Verify on self signed cert

Alfred Thomas wrote: Hi all Is the following supposed to work if testcert.pem is a selfsigned cert that failes with error 18 when I do openssl verify testcert.pem I want to ignore the fact that it is an untrusted cert and read the public key regardless. X509 * x509; EVP_MD_CTX md_ctx; cons

EVP_Verify on self signed cert

Hi all Is the following supposed to work if testcert.pem is a selfsigned cert that failes with error 18 when I do openssl verify testcert.pem I want to ignore the fact that it is an untrusted cert and read the public key regardless. X509 * x509; EVP_MD_CTX md_ctx; const unsigned char * sig_b

Re: self signed cert - error : unknown CA

ect Re: self signed cert - error : unknown CA Classification On 2/2/06, Alain Damiral <[EMAIL PROTECTED]> wrote: > OK I understand. > > By subsequent transactions I originally thought you meant during the > same session. > > I apologize for diverting from the

Re: self signed cert - error : unknown CA

On 2/2/06, Alain Damiral <[EMAIL PROTECTED]> wrote: > OK I understand. > > By subsequent transactions I originally thought you meant during the > same session. > > I apologize for diverting from the problem of the original poster. > > Maybe I can redeem myself by pointing to the example callback fu

Re: self signed cert - error : unknown CA

OK I understand. By subsequent transactions I originally thought you meant during the same session. I apologize for diverting from the problem of the original poster. Maybe I can redeem myself by pointing to the example callback function: http://www.openssl.org/docs/ssl/SSL_CTX_set_verify.htm

Re: self signed cert - error : unknown CA

Diffie-Hellman key exchange is a means of creating a session key in a manner that's not easily reversible by an eavesdropper, not a means of authentication. The public/private keypair is the only means of authenticating an anonymous third party as being that specific anonymous third party, and not

Re: self signed cert - error : unknown CA

One needs to call a verify call back and set an appropriate return code. The server might well accept things and give a temporary and lmimitred access, the self signed cert can be stored, an admin validates, etc. It can also be that the server is actually a person that accepts or not

Re: self signed cert - error : unknown CA

Kyle Hamilton wrote: Self-signed certificates are good for one thing, at least: They ensure that subsequent transactions are with the same entity (the same keypair is used), even if no other piece of data in the certificate is trustworthy. Doesn't Diffie-Hellman key exchange ensure that this is

Re: self signed cert - error : unknown CA

t; SSL_VERIFY_FAIL_IF_NO_PEER_CERT > > # SSL_CTX-set_client_CA_list( ctx, cafile) > > > > things are fine when the client request for a connection with a > > certificate signed by one of the listed CAs (in the cafile) > > > > For some reasons I also wish to accept

Re: self signed cert - error : unknown CA

igned certs( user needs to decide to accept or not ). So when a client comes up with a self signed cert , the server reports ' unknown ca ' error. I understand that this is b'coz it is not signed by trusted CA. All i want to know is what needs to be done on server side to accept

self signed cert - error : unknown CA

signed by one of the listed CAs (in the cafile) For some reasons I also wish to accept self signed certs( user needs to decide to accept or not ). So when a client comes up with a self signed cert , the server reports ' unknown ca ' error. I understand that this is b'coz it i

Re: Self signed cert

Gerard Earley wrote: Can you recommend any cheap certificate issuers in the price range you mention and whether any will issue a cert for an IP address (if that's possible). I have been happy with RapidSSL, because they are single root, easy to install, and the purchase process is convenient

Re: Self signed cert

Jorey Bump wrote: > Brent Clark wrote: > >> Out of interest, is there anyone on this list using a self sighned >> cert with a mailserver on the internet, using TLS. >> >> The reason I ask this, is because I dont want to have to pay verislim >> and co, for something I know I can do myself. >> If any

Re: Self signed cert

Brent Clark wrote: Out of interest, is there anyone on this list using a self sighned cert with a mailserver on the internet, using TLS. The reason I ask this, is because I dont want to have to pay verislim and co, for something I know I can do myself. If anyone is using / doing this, have ha

Self signed cert

Hi all Out of interest, is there anyone on this list using a self sighned cert with a mailserver on the internet, using TLS. The reason I ask this, is because I dont want to have to pay verislim and co, for something I know I can do myself. If anyone is using / doing this, have had any problem

Server self signed cert

I create my own CA and server certificate together with client certificate. Is there a way to kept the self signed server certificate to trusted root certification authorities? --- Glynn --- __ OpenSSL Project

Re: Self signed cert

On Thu, 2002-05-30 at 15:26, Darrin Powell wrote: > I have setup a self signed cert for my linux email server. When I > connect it says the cert is not valid. Did I do something wrong with the > signing of the cert? Or does it have to be provided by a cert provider > such as thawte

Re: Self signed cert

Darrin Powell wrote: > > I have setup a self signed cert for my linux email server. When I > connect it says the cert is not valid. Did I do something wrong with the > signing of the cert? Or does it have to be provided by a cert provider > such as thawte to be valid? > Hi!

Self signed cert

I have setup a self signed cert for my linux email server. When I connect it says the cert is not valid. Did I do something wrong with the signing of the cert? Or does it have to be provided by a cert provider such as thawte to be valid? Thanks -- Darrin Powell System Administrator LSSi, Corp

Re: Importing Self Signed Cert in Oracle 8i - PROBLEM SOLVED

I removed all x509 occurrences in openssl.cnf removed all x509 extensions like CA:true etc from cnf file. Generated a 512 bit CA key & Cert with only O,OU,C . Was able to import it into Oracle Also signed a CSR Able to import user certificate into oracle. Thanx a lot guys, especially Geof

Re: Importing Self Signed Cert in Oracle 8i

Hi there, I have no idea what it is that is bothering Oracle 8i about your cert(s) so I can simply make guesses here ... On Tuesday 20 November 2001 02:32, viswanath wrote: > Here are the differences found > >MY CERT|VERISIGN > > 1) 1024-bit

Re: Importing Self Signed Cert in Oracle 8i

Here are the differences found    MY CERT                        |       VERISIGN 1) 1024-bit                               1) 512-bit 2) serial no. 0                            2) serial no. 52:a9:f4:24:da:67:4c:9d:af:4f:53:78:52:ab:ef:6e 3) has C,L,ST,O,OU,CN          3) has O,OU,OU

Re: Importing Self Signed Cert in Oracle 8i

On Tuesday 20 November 2001 00:20, viswanath wrote: > But the self signed certificate that has been generated contains the > following > > X509v3 Basic Constraints: > CA:TRUE > X509v3 Key Usage: > Certificate Sign, CRL Sign > Netscape Cert Type: > S

Re: Importing Self Signed Cert in Oracle 8i

ED]] >Sent: Tuesday, 20 November 2001 4:43 >To: openssl users >Subject: Importing Self Signed Cert in Oracle 8i > > >Hi, > trying to import self signed cert in Oracle 8i but it is not >accepting it. Error msg given is "Not

RE: Importing Self Signed Cert in Oracle 8i

views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: viswanath [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 20 November 2001 4:43 To: openssl users Subject: Importing Self Signed Cert in Oracle 8i Hi, trying to import self signed cert in O

Importing Self Signed Cert in Oracle 8i

Hi, trying to import self signed cert in Oracle 8i but it is not accepting it. Error msg given is "Not a trusted certificate". But it accepted the versign root certificate. So wat could be the problem? t

Creating a self-signed cert to be used for authentication

I've been poking around the mailing list archives and haven't found anyone trying to do this, but it's probably that I am searching on the wrong terms. I've been creating normal certificate requests and keys for quite a while, but now I need to set up 'certificate based authentication' as describe

Client Authentication: error 19: self-signed cert

Hi, I am using Openssl in my client, and Apache-ssl in my content server. I am using a test cert signed by verisign to authenticate my client. But my server is refusing it, using error 19: self-signed certificate. It is confusing because it is not a self-signed cert at all, but a normal cert

"make test" hangs, when converting cert req into a self signed cert

Hi, I´ve compiled openssl-0.9.5a with shared libs under linux (make linux-shared). After installing the shared libs I ran "make test". Most of the tests just seem to be o.k., but when it comes to the generation of a self signed cert from a certificate request generated by the test

Using a Self-Signed Cert for CSR's

Hi I have derived code to produce a Private Key and a Self-Signed Certificate Pair (rather than a straight Private/Public key pair). What I need to do is to use the Private Key to sign the CSR, and the Self-Signed Cert as my public key submitted within the CSR. Private KeySelf-Signed

Re: creating a dummy self signed cert

> > probably a simple question... > How are you using openssl? With mod_ssl in an apache web server? You might try asking this question on the [EMAIL PROTECTED] list: I've found that the documentation between the two, modssl vs. openssl, is not quite consistant. > and one that has been asked o

Re: creating a dummy self signed cert

keeps expiring every > month (I'm too cheap to pay for a real one for a simple fun project of mine). How > can I set the expiration date on a self signed cert. For some reason, I the ones > I sign keep expiring after a month exactly. use the -days option of openssl when signing the cer

Self-signed cert vs. Navigator 4.06?

I'm trying to generate a simple self signed cert that Navigator will accept but it's not working. Navigator pops up a window that says "The security library has encountered an improperly formatted DER-encoded message." What am I missing? The cert generation a