On Wed, 2003-12-17 at 05:02, Jon Barber wrote:
> Probably your best bet is OpenSCEP : http://openscep.othello.ch/ Having
> said that, openca looks very promising and has SCEP support in the CVS
> tree at the moment. OpenSCEP is quite lightweight & specific, whereas
> OpenCA is trying to be a ful
I dunno, I'm only about halfway through the Vesperman CVS book,
but when I used google to find openca and tried to find the
openca/openscep stuff I found that the HEAD version had been
removed from the archive, and that the versions in .attic
(:-) were merely half-page stubs.
Maybe I was at the wro
Peter Sylvester wrote:
Besides this, the protocol description itself demonstrates a very
interesting knowledge of HTTP. :-(
The hard coded URL cgi-bin/pkiclient.exe is not the worst part.
Which Cisco themselves seem to ignore. You can give an optional path to
the URL on the PIX, although it
Charles B Cranston wrote:
So, am I right that OpenSSL has the means to make these PKCS7 files
and the only new code development would be a network program to open
connections and send and receive the appropriate stuff?
Yes. The hardest part (and it isn't that hard) is assembling /
disassembling
> The projects I looked at that have SCEP are openca, ejbca and openscep.
> I also looked at Sun Certificate Server (now discontinued) and ended up
> using Microsoft Certificate Services on Win2000. RSA Keon CA supports
> SCEP, but I'm not rich enough to buy it.
>
I just remember that one pr
So, am I right that OpenSSL has the means to make these PKCS7 files
and the only new code development would be a network program to open
connections and send and receive the appropriate stuff?
I wonder if some of the code could be cribbed fro some of those
projects. Are any of them open source :-)
Charles B Cranston wrote:
Sorry for my ignorance, could you post a reference to SCEP? What would
it take to manhandle a standard certificate into this format? Or is it
a lot more difficult than that?
SCEP is a standard proposed by Cisco (Simple Certificate Enrollment
Protocol) see http://www.ci
CA has
format xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx.
Any suggestion on this problem?
All advice are greatly appreciated. Thank you.
- Original Message -
From: [EMAIL PROTECTED]
Date: Tuesday, December 16, 2003 10:02 am
Subject: RE: Sign PIX certificate using OpenSSL CA
> > -Original
Sorry for my ignorance, could you post a reference to SCEP? What would
it take to manhandle a standard certificate into this format? Or is it
a lot more difficult than that?
Jon Barber wrote:
[EMAIL PROTECTED] wrote:
I'm assuming you mean a Pix Firewall version 6.3.x. I don't think
there is a
w
[EMAIL PROTECTED] wrote:
I'm assuming you mean a Pix Firewall version 6.3.x. I don't think there is a
way to get a certificate onto a Pix, as the "ca" commands can only create
certificates.
The only way to get a cert is via SCEP. There are only a handful of CAs
that support SCEP, and no open
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: 16 December 2003 14:34
> To: [EMAIL PROTECTED]
> Subject: Sign PIX certificate using OpenSSL CA
>
>
> I would like to sign a certificate created by pix firewall
> using OpenSSL C
I would like to sign a certificate created by pix firewall using OpenSSL CA server.
My current set up is: the OpenSSL CA server is
Network 1-- Router -- PIX Firewall Network 2
(CA server) VPN tunnel
I have established VPN tunnel between router
12 matches
Mail list logo
