Re: Certificate authority changes with OpenSSL

On Thu, Mar 17, 2022 at 07:51:43PM +0100, egoitz--- via openssl-users wrote: > I think that is the problem, the sha1. That's the specific issue being reported. > So... I have built Openssl 3.0.2 There's no reason for OpenSSL 3.0.2, that might just tighten the restrictions further. OpenSSL 1.0.

RE: Certificate authority changes with OpenSSL

> From: openssl-users On Behalf Of > egoitz--- via openssl-users > Sent: Thursday, 17 March, 2022 12:52 > 1 - Is it possible to update a whole CA with 2048 bit public and private keys > (I used in req section of openssl.conf, the default_bits to 2048) to a > Signature > algorithm that don't bot

Certificate authority changes with OpenSSL

Good morning, We are running our own home ca, for generating certificates for our backup system. The new operating systems being recently backed up, have started saying : _OPENSSL.C:67-0 JCR=0 ERROR LOADING CERTIFICATE FILE: ERR=ERROR:140AB18E:SSL ROUTINES:SSL_CTX_USE_CERTIFICATE:CA MD TOO WEAK

Re: certificate authority

reuse openssl with a C code to make a certificate > authority entity that create certificate if any one know how can i begin > with this project i need help to finish my master degree please > > -- > Warmest regards and best wishes for a goo

certificate authority

Dear all i'm new to openssl i want use it with network simulator NS3 i just want steps to begin to reuse openssl with a C code to make a certificate authority entity that create certificate if any one know how can i begin with this project i need help to finish my master degree p

Re: Certificate Authority: deamon and or iptables?

On 10/2/2012 9:42 AM, Darod Zyree wrote: Greetings, I am confused about something and I could not find the information I was looking for. We are planning to set up our own Certificate Authority server on our internal network. After having read several how-to’s, and other documentation on how

Re: Certificate Authority: deamon and or iptables?

for. > > We are planning to set up our own Certificate Authority server on our > internal network. > After having read several how-to’s, and other documentation on how to > set up such a server, we are left with two questions: > > 1) Which daemon/service needs to be running for a

Re: RE: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

On 2009.06.04 at 09:04:11 +1000, Brad Mitchell wrote: > > The reason we use command-line utilities to verify is for transparency. > Data could be used in the courts for example and having that "hey.. go > download openssl and verify it yourself" is a lot better than.. here is a > util we wrote to

RE: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Randy Turner Sent: Thursday, 4 June 2009 1:07 AM To: openssl-users@openssl.org Subject: Re: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping H

Re: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

roblems verifying certificates generated by Microsoft Certificate Authority and timestamping Hi, I’ve been trying to get Time Stamping working where the CA issuing the Time Stamping certificate is issued by a Microsoft Windows Server 2003 Enterprise CA. I’ve had success in terms of b

RE: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

er-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Brad Mitchell Sent: Wednesday, 3 June 2009 11:15 AM To: openssl-users@openssl.org Subject: Re: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping Hi, I've bee

Re: Problems verifying certificates generated by Microsoft Certificate Authority and timestamping

Hi, I've been trying to get Time Stamping working where the CA issuing the Time Stamping certificate is issued by a Microsoft Windows Server 2003 Enterprise CA. I've had success in terms of being able to actually sign the digest and I actually have a certificate with the purpose of Time Sta

Re: own Certificate Authority: Renewal of CA cert

Hi, in short I think in your -signkey command you need to add -enddate. * Andreas Grimmel wrote on Mon, Mar 24, 2008 at 17:28 +0100: > > That depends on what you need to do by policy for renewal. > > There is no such thing as "technical renewal" - there is only > > policy based. Since this sounds

Re: own Certificate Authority: Renewal of CA cert

Well again folks, thanks once more for your comprehensive help. Larry Bugbee schrieb: On Mar 24, 2008, at 9:28 AM, Andreas Grimmel wrote: I found this command somewhere in a forum: openssl x509 -in cacert-old.pem -days 1460 -out cacert-new.pem -signkey private/cakey.pem - in my understandin

Re: own Certificate Authority: Renewal of CA cert

On Mar 24, 2008, at 9:28 AM, Andreas Grimmel wrote: I found this command somewhere in a forum: openssl x509 -in cacert-old.pem -days 1460 -out cacert-new.pem - signkey private/cakey.pem - in my understanding, this command takes the old cert, changes the validity to four more years (1460 da

Re: own Certificate Authority: Renewal of CA cert

Hi Patrick, thanks a lot for this whole lot of useful information. Now let me see if I got you right: Patrick Patterson schrieb: - First of all, is there any HowTo that deals not only with creaton, but also with the renewal of self-signed CA certs in detail? That depends on what you

Re: own Certificate Authority: Renewal of CA cert

Hi Andreas: Andreas Grimmel wrote: > Hello list, > > I got one big problem for now: My self-signed CA cert will expire in > about one month. I installed it 4 years ago and never minded about, but > now I have to renew it. > The Creation of a whole new CA and client certificates isn't possible >

own Certificate Authority: Renewal of CA cert

Hello list, let me say first that I'm not too deep into the secrets of openssl, I just like it as being a stable, great-working software for all concerns of dealing with encryption and especially x.509 certificates for my VPN connections, webservers, and so on. I got one big problem for now:

Web-interface for Certificate Authority!

Hi, Could you let me know, is web-interface supported for certificate authority (open-ssl)?. If so,let me know,how do I get that? Desperately waiting for your response. -Ramprasad.

Re: certificate authority in handshake?

dump examples: >>>> >>>> Their server sends a certificate request like this: >>>> >>>> 1 4 0.2734 (0.0064) S>C Handshake >>>> CertificateRequest >>>> certificate_types rsa_sign >&

re: certificate authority in handshake?

heir server sends a certificate request like this: > > > > > > 1 4 0.2734 (0.0064) S>C Handshake > > > CertificateRequest > > > certificate_types rsa_sign > > > certificate_types

re: certificate authority in handshake?

tificate request like this: > > > > 1 4 0.2734 (0.0064) S>C Handshake > > CertificateRequest > > certificate_types rsa_sign > > certificate_types dss_sign > > certificate_authority > > C=US > >

Re: trying to create a Certificate Authority for use with stunnel- but, it doesn't wanna work.

Hm, okay, I seem to have successfully generated my Certificate Authority, but now, I'm getting VERIFY ERROR: depth=0, error=unable to get local issuer certificate: /C=US/ST=Florida/O=Health Plan Partners, LLC./OU=Certificate Authority/CN=hpprx.com/[EMAIL PROTECTED] Any ideas as to w

Re: trying to create a Certificate Authority for use with stunnel- but, it doesn't wanna work.

--- Robert Butler <[EMAIL PROTECTED]> wrote: > Hi everybody. I'm trying to set up an OpenSSL > Certificate Authority for use with my > recently-installed stunnel 7.x installation- > only, I'm having a hard time creating the cacert.pem > file. It seems th

trying to create a Certificate Authority for use with stunnel- but, it doesn't wanna work.

Hi everybody. I'm trying to set up an OpenSSL Certificate Authority for use with my recently-installed stunnel 7.x installation- only, I'm having a hard time creating the cacert.pem file. It seems that OpenSSL wants an infile when generating this file. Has anybody had experience with

Re: Issues creating Certificate Authority

On Thu, Dec 02, 2004, Dan O'Brien wrote: > > OK, thanks. However, I'm clueless about how to execute the above > commands. "CA.pl" is an unknown command to my system, and openssl req > doesn't list it as an option. > > What specifically am I missing about your suggestion? > When you install o

Re: Issues creating Certificate Authority

OK, installed 0.9.7e and the openssl.cnf file to the right location. Was then able to create the certificate authority. However, the next step, creating the SSL key for apache, met with the following error: [EMAIL PROTECTED]:/etc/ssl# openssl req -new -config ./openssl.cnf -nodes -out ./apache

RE : Issues creating Certificate Authority

#x27;Brien Envoyé : mercredi 1 décembre 2004 17:48 À : [EMAIL PROTECTED] Objet : Re: Issues creating Certificate Authority On Nov 23, 2004, at 1:59 PM, Charles B Cranston wrote: > It's possible from what you describe that it was a > hanging alias, that is, a symbolic link pointing to &

Re: Issues creating Certificate Authority

tem > >>lib:bss_file.c:106: > >>1708:error:0E064002:configuration file routines:CONF_load:system > >>lib:conf_lib.c:91: > >>Changing directories and listing showed this: > >>[EMAIL PROTECTED]:/usr/lib/ssl# ls > >>certs lib misc openssl.cnf

Re: Issues creating Certificate Authority

npack one from another installation. Unless you have a better idea, I believe the next move will be to try to install 0.9.7e. - Dan O'Brien OK, installed 0.9.7e and the openssl.cnf file to the right location. Was then able to create the certificate authority. However, the next step, creati

Re: Issues creating Certificate Authority

It's possible from what you describe that it was a hanging alias, that is, a symbolic link pointing to a file that does not actually exist. This looks like a file initially but gets a "file does not exist" when you try to actually use it... Dan O'Brien wrote: On Nov 22, 2004, at 1:41 PM, Dr. Steph

Re: Issues creating Certificate Authority

On Nov 22, 2004, at 1:41 PM, Dr. Stephen Henson wrote: On Mon, Nov 22, 2004, Dan O'Brien wrote: Searched for openssl.cnf and it is on the system: [EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf /usr/lib/ssl/openssl.cnf Is this a clue to the problem? Might be :-) Depends what's in that file. Does it

Re: Issues creating Certificate Authority

On Mon, Nov 22, 2004, Dan O'Brien wrote: > > Searched for openssl.cnf and it is on the system: > > [EMAIL PROTECTED]:/etc/ssl# locate openssl.cnf > /usr/lib/ssl/openssl.cnf > > Is this a clue to the problem? > Might be :-) Depends what's in that file. Does it contain a line with: [distinguis

Re: Issues creating Certificate Authority

On Nov 18, 2004, at 1:27 PM, Dr. Stephen Henson wrote: On Thu, Nov 18, 2004, Dan O'Brien wrote: It's old, but it's the latest in "Debian Stable:" [EMAIL PROTECTED]:~# openssl version -a OpenSSL 0.9.6c 21 dec 2001 built on: Wed Mar 3 19:09:47 UTC 2004 platform: debian-i386 options: bn(64,32) md2(

Re: Issues creating Certificate Authority

On Thu, Nov 18, 2004, Dan O'Brien wrote: > > > It's old, but it's the latest in "Debian Stable:" > > [EMAIL PROTECTED]:~# openssl version -a > OpenSSL 0.9.6c 21 dec 2001 > built on: Wed Mar 3 19:09:47 UTC 2004 > platform: debian-i386 > options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16

Re: Issues creating Certificate Authority

On Nov 18, 2004, at 12:58 PM, Dr. Stephen Henson wrote: On Thu, Nov 18, 2004, Dan O'Brien wrote: On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote: On Thu, Nov 18, 2004, Dan O'Brien wrote: On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: On Wed, Nov 17, 2004, Dan O'Brien wrote: Hi Steve

Re: Issues creating Certificate Authority

On Thu, Nov 18, 2004, Dan O'Brien wrote: > > On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote: > > >On Thu, Nov 18, 2004, Dan O'Brien wrote: > > > >> > >>On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: > >> > >>>On Wed, Nov 17, 2004, Dan O'Brien wrote: > >>> > > > Hi S

Re: Issues creating Certificate Authority

On Nov 18, 2004, at 11:48 AM, Dr. Stephen Henson wrote: On Thu, Nov 18, 2004, Dan O'Brien wrote: On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: On Wed, Nov 17, 2004, Dan O'Brien wrote: Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it):

Re: Issues creating Certificate Authority

On Thu, Nov 18, 2004, Dan O'Brien wrote: > > On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: > > >On Wed, Nov 17, 2004, Dan O'Brien wrote: > > > >> > >> > >>Hi Steve, thanks for the response. We did not get this error (or if we > >>have, we haven't seen it): > >> > >>Using configu

Re: Issues creating Certificate Authority

On Nov 17, 2004, at 7:49 PM, Dr. Stephen Henson wrote: On Wed, Nov 17, 2004, Dan O'Brien wrote: Hi Steve, thanks for the response. We did not get this error (or if we have, we haven't seen it): Using configuration from /some/path/openssl.cnf Unable to load config info But we did ge

Re: Issues creating Certificate Authority

On Wed, Nov 17, 2004, Dan O'Brien wrote: > > > Hi Steve, thanks for the response. We did not get this error (or if we > have, we haven't seen it): > > Using configuration from /some/path/openssl.cnf > Unable to load config info > > But we did get this error upon attempting to

Re: Issues creating Certificate Authority

On Nov 17, 2004, at 1:01 PM, Dr. Stephen Henson wrote: On Wed, Nov 17, 2004, Dan O'Brien wrote: Hi, We're trying to generate a Certificate Authority on our Debian/Apachessl server. Here's the command we're entering: openssl req -new -x509 -keyout private/cakey.pem -out cacer

Re: Issues creating Certificate Authority

On Wed, Nov 17, 2004, Dan O'Brien wrote: > > Hi, > > We're trying to generate a Certificate Authority on our > Debian/Apachessl server. Here's the command we're entering: > > openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days >

Issues creating Certificate Authority

Hi, We're trying to generate a Certificate Authority on our Debian/Apachessl server. Here's the command we're entering: openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 7000 The above command kicks back the following error: unable to find 'distingui

Certificate chain file & Certificate Authority File

Hi all, I am setting up the apache with SSL on a Fedora Core 2 server. I successfully create the server.key and server.crt file. However, under the the HTTP configuration screen, it wants me to enter the Certificate Chain File (default is ca.crt), and Certificate Authority File (default is ca

Re: Anyone Know of a Web Based Certificate Authority.

At 03:47 AM 6/23/2003 +, John Doe writeth: >Anyone know of a web based certificate authority that actually works as >advertised. I have tried php-ca but I am having alot of trouble getting it >to work. OpenCA is a little bit to full featured for what I am trying to >accomplish.

RE: Anyone Know of a Web Based Certificate Authority.

Know of a Web Based Certificate Authority. Anyone know of a web based certificate authority that actually works as advertised. I have tried php-ca but I am having alot of trouble getting it to work. OpenCA is a little bit to full featured for what I am trying to accomplish. Basically I am lo

Anyone Know of a Web Based Certificate Authority.

Anyone know of a web based certificate authority that actually works as advertised. I have tried php-ca but I am having alot of trouble getting it to work. OpenCA is a little bit to full featured for what I am trying to accomplish. Basically I am looking to send a secret to an email address in

Re: free Certificate Authority

evilbunny wrote: Be interesting to have a standard cross verification scheme/policy between free efforts where the data is sent and then some rules applied against it if it's 98% the same or something ok it... I was thinking about cross-certification last night, but I'm not sure if it makes bus

Re: free Certificate Authority

On Fri, 1 Nov 2002, Xperex Tim wrote: > I don't really see the value of free certificates. If they are free > that means that the CA can't be doing any identity checks. So any > schmoe can get a certificate with your name on it and claim to be you. I agree that such cert.s are essentially anonym

Re[2]: free Certificate Authority

Hello Bear, Be interesting to have a standard cross verification scheme/policy between free efforts where the data is sent and then some rules applied against it if it's 98% the same or something ok it... May not be practical *shrug* and also 1 site may not agree with how another treats the polic

Re: free Certificate Authority

evilbunny wrote: Interesting idea... Only problem is the bank doesn't verify the name electronically as far as I'm aware... Least none of the payment gateway's I've dealt with in the past... (I was planning to charge $10, but I am also planning to offer personal server certs if you have a $10 c

Re[4]: free Certificate Authority

ember 2002 3:08 >> To: Mark H. Wood >> Subject: Re[2]: free Certificate Authority >> >> >> Hello Mark, >> >> Few methods that can be used... The one I hope to make use of is >> similar to that of Thawte's Web of trust, when you get end users >&g

RE: Re[2]: free Certificate Authority

> Sent: Saturday, 2 November 2002 3:08 > To: Mark H. Wood > Subject: Re[2]: free Certificate Authority > > > Hello Mark, > > Few methods that can be used... The one I hope to make use of is > similar to that of Thawte's Web of trust, when you get end users &g

Re: free Certificate Authority

Xperex Tim wrote: I don't really see the value of free certificates. If they are free that means that the CA can't be doing any identity checks. So any schmoe can get a certificate with your name on it and claim to be you. Even a free cert can easily verify that the email address is valid eno

Re[2]: free Certificate Authority

Hello Xperex, Not if you get the users to verify each other in person and with photo id etc, and until they do don't put names on certificates... -- Best regards, evilbunnymailto:evilbunny@;sydneywireless.com http://www.cacert.org - Free Security Certificates http:/

Re: free Certificate Authority

I don't really see the value of free certificates. If they are free that means that the CA can't be doing any identity checks. So any schmoe can get a certificate with your name on it and claim to be you. --- Peter Ziobrzynski <[EMAIL PROTECTED]> wrote: > I searched far and wide and can't find

RE: Re[4]: free Certificate Authority

ober 2002 6:07 > To: Marco "Kiko" Carnut > Subject: Re[4]: free Certificate Authority > > > Hello Marco, > > > Front end is PHP based, with all operations feeding a MySQL table, > which is then crontab'd to trigger a c programmer to interact with > ope

Re: free Certificate Authority

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I've been working on a similar project. My approach, with notes, is: - - JSP front-end. This isn't so much for the forms as for the results when you search the database - the JSP kicks out XML, but can run it through XLST for browsers and clients th

RE: Re[4]: free Certificate Authority

Evilbunny, > MKC> The idea is to use the Verified Identity (IV) CA to get credibility to > MKC> the name. This will become clear when we put the VI CA online in a few > MKC> days -- then you'll see what it is capable of. I'll let you know when > MKC> it's online. Meanwhile, its main ideas are desc

Re[4]: free Certificate Authority

Hello Marco, MKC> The idea is to use the Verified Identity (IV) CA to get credibility to MKC> the name. This will become clear when we put the VI CA online in a few MKC> days -- then you'll see what it is capable of. I'll let you know when MKC> it's online. Meanwhile, its main ideas are described

RE: Re[2]: free Certificate Authority

Hi evilbunny, > I've a similar project under development, little more testing to see > if the user has the rights to the domain, and they generate their own > private keys etc... little more effort on the users part, however I've > tried to code it in a sane method, by stopping people being able t

Re: free Certificate Authority

I'll be damned. It really is a free email cert at thawte.com. At veritas they have one but not free - $45/year. I thought the SSL is completely dead as for personal use. But not to far from it. Anybody can get PGP/GPG for free now and new mozilla enigmail plugin does all the magic. Thanks Karl!

Re: free Certificate Authority

... on www.thawte.com you'll find it at middle, left of home page: (9 o'clock ;-) Am 2002-10-27 18:41 Uhr schrieb "Peter Ziobrzynski" unter <[EMAIL PROTECTED]>: > Franck Martin wrote: >> I think there was something called www.medacen.net >> >> Also, check the ISOC PKI w

Re: free Certificate Authority

Franck Martin wrote: I think there was something called www.medacen.net Also, check the ISOC PKI working Group www.isoc.org You can register a free certificate for e-mail on thawte and versisign. This is interesting. How do you know about it? Did you do it? On either t

free Certificate Authority

I searched far and wide and can't find a CA service in a reasonable price. Verisign, Thawte, etc. all charge hundreds for one year PKI. There must be a way to get a recognized personal client SSL certificate for free. Banks, ISPs should be interested in having their customers use signed email. D

Re: free Certificate Authority

I think there was something called www.medacen.net Also, check the ISOC PKI working Group www.isoc.org You can register a free certificate for e-mail on thawte and versisign. Cheers. [EMAIL PROTECTED] On Sun, 2002-10-27 at 20:14, Peter Ziobrzynski wrote: I searched far and wid

LDAP, SSL, Active Directory, Microsoft Enterprise Certificate Authority

.CPQUNIX.NET passwd[11637]: [ID 280705 user.error] pam_ldap: ldap_simple_bind Can't contact LDAP server Using truss on passwd appears to show a dialog with the Win2K system running Active Directory, Enterprise Certificate Authority via SSL, port 636. The reply from Win2K is read on fd

Re: Certificate Authority

Richard Levitte - VMS Whacker wrote: > > From: Kent Crispin <[EMAIL PROTECTED]> > > kent> Just thinking out loud... > kent> > kent> Note that the PGP "web of trust" model works without a centralized CA, > kent> and that free key servers exist. Perhaps there is some hybrid possible, > kent> wher

Re: Certificate Authority

On Thu, May 25, 2000 at 09:11:25AM +0200, Richard Levitte - VMS Whacker wrote: [...] > What you say is a nice thought, and I'd very much like to see > something like that, but I see one problem with it, at least with the > current definition of RFC2459 certificates (as I understand RFC2459. > If I

Re: Certificate Authority

Yes, there is only one signature per certificate. But don't forget that you can have more than one certificate (depending on their individual purpose), each issued by different CAs. There are some multinational initiatives that try to address the problem of trust between countries (I assume that

RE: Certificate Authority

> -Original Message- > From: Jason Haar [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 23, 2000 7:03 PM > I feel everyone is missing the point. No, we're discussing a different point. You're talking about signing certificates for your own private use; we're talking about signing them f

RE: Certificate Authority

> -Original Message- > From: Yuji Shinozaki [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 23, 2000 11:16 PM > Hey, maybe we DO need a sanctioning body, but then how do you decide to > trust them? And how do you get the existing CA's to play ball? We live and work with myriad trust rela

RE: Certificate Authority

>sense to me. In the meantime, I believe there is a strong need for an >alternative to the VeriSign free certificates. You can get your free client certificate for private use at TC TrustCenter http://www.trustcenter.de/english/693.htm then follow the links. ...and it is valid for one year S

RE: Certificate Authority

Try adding another "w" to that web address. -Original Message- From: Mocha [mailto:[EMAIL PROTECTED]] Sent: Tuesday, May 23, 2000 11:42 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Certificate Authority At 03:14 PM 5/23/00 -0700, Steve Cook wrote: >At 01:43 PM

RE: Certificate Authority

> -Original Message- > From: [EMAIL PROTECTED] > ... On Behalf Of Jason Haar > Sent: Tuesday, May 23, 2000 8:03 PM ... > Subject: Re: Certificate Authority > > I feel everyone is missing the point. It strikes me that there is another need: personal certificates for

Re: Certificate Authority

I hope you tried www.equifaxsecure.com and not ww.equifaxsecure.com as stated below... Mocha wrote: > > At 03:14 PM 5/23/00 -0700, Steve Cook wrote: > >At 01:43 PM 5/23/00 -0500, Mocha wrote: > > > > >i just feel that charging someone over $300/yr (verisign) is rediculous. > > >with the acquisit

Re: Certificate Authority

I'd just like to point out that an Open Community CA is different than an Open Source CA. The latter is obviously addressed by the OpenCA.org ini- tiative which, BTW, I don't know if it's getting any momentum at all. The first one implies that you have a CA where everyone can register and fetch a

Re: Certificate Authority

On Wed, May 24, 2000 at 12:02:55PM +1200, Jason Haar wrote: > I feel everyone is missing the point. > > What do I do as a company when I want to "acquire" 1,000's of user certs so > that my users can (e.g.) use IPSec VPN solutions over the Internet to > access corporate services? > > I don't _n

Re: Certificate Authority

At 03:14 PM 5/23/00 -0700, Steve Cook wrote: >At 01:43 PM 5/23/00 -0500, Mocha wrote: > > >i just feel that charging someone over $300/yr (verisign) is rediculous. > >with the acquisition of thawt by verisign, what does that leave us? > >Equifax Secure http://ww.equifaxsecure.com/ will issue you a

Re: Certificate Authority

On Tue, 23 May 2000, Mocha wrote: > > who verifies that the CA is who they say they are? is there a governing > agency that over look all the CA's? > Ah. I think you have hit upon a question that should be asked more often. Since the root cert is self-signed, there is no inherent way to verif

Re: Certificate Authority

At 07:02 PM 5/23/00, you wrote: >I feel everyone is missing the point. > >What do I do as a company when I want to "acquire" 1,000's of user certs so >that my users can (e.g.) use IPSec VPN solutions over the Internet to >access corporate services? Simple answer, you don't. IPSec does not requir

Re: Certificate Authority

I feel everyone is missing the point. What do I do as a company when I want to "acquire" 1,000's of user certs so that my users can (e.g.) use IPSec VPN solutions over the Internet to access corporate services? I don't _need_ a major CA to be guaranteeing the validity - I need to be the CA! Ot

Re: Certificate Authority

At 01:43 PM 5/23/00 -0500, Mocha wrote: >i just feel that charging someone over $300/yr (verisign) is rediculous. >with the acquisition of thawt by verisign, what does that leave us? Equifax Secure http://ww.equifaxsecure.com/ will issue you a server cert for $45, and their root cert is recogn

Certificate Authority

What does it take to be a certified CA? I'm just curious why there hasn't been an "OpenSource" type CA. I think it's rediculous to pay someone just for them to say that you are who you are. __ OpenSSL Project

Re: Netscape4.6: [Certificate Authority] Internal Error

ca2cert.cacert is not a valid CA: the extensions are wrong. When you sign the request for CA2 you need to use the correct CA extensions. Check out some of the stuff in docs/openssl.txt for some info. CAs and end user certificates have different extensions so end users can't pretend to be a CA.

Re: Certificate Authority in Netscape Browser

CASTELAIN Didier wrote: > > Hello, > > For an inside project, we must be our own certificate authority. > Is there a way to indicate a new certificate authority in netscape (4.5 & > 4.6) > In the security menu 'signers', there is only , and > > Th

Re: Certificate Authority in Netscape Browser

Hi, you have to go in the Security > Certificates > Yours , and here you can import a certificate stored on your disk. Bye, Emmanuel Poitier On Thu, 19 Aug 1999, you wrote: >Hello, > >For an inside project, we must be our own certificate authority. >Is there a way to indicate

Certificate Authority in Netscape Browser

Hello, For an inside project, we must be our own certificate authority. Is there a way to indicate a new certificate authority in netscape (4.5 & 4.6) In the security menu 'signers', there is only , and Thank you for your help Didier PS: sorry for my english ;-) >

Re: Build-your-own Certificate Authority

On Fri, 30 Jul 1999, Holger Reif wrote: > Steven J Sobol schrieb: > > > > On Thu, Jul 29, 1999 at 05:03:20PM +1000, Damien Miller wrote: > > > > > > You can have a look at the mkcert.sh script of mod_ssl. This might > > > > be a good starter. > > > > > > ... or better yet, the CA.pl included wi

Re: Build-your-own Certificate Authority

Steven J Sobol wrote: > > On Thu, Jul 29, 1999 at 05:03:20PM +1000, Damien Miller wrote: > > > > You can have a look at the mkcert.sh script of mod_ssl. This might > > > be a good starter. > > > > ... or better yet, the CA.pl included with OpenSSL > > The script itself seems to work well, but f

Re: Build-your-own Certificate Authority

At 01:09 PM 7/28/99 -0400, Steven J Sobol wrote: >I would like to set up a CA certificate that I will use to sign website >certificates with. These website certificates will be used on a temporary >basis until my client gets a real certificate from a real CA. > >Am I correct in thinking that all I

Build-your-own Certificate Authority

I would like to set up a CA certificate that I will use to sign website certificates with. These website certificates will be used on a temporary basis until my client gets a real certificate from a real CA. Am I correct in thinking that all I have to do is generate a separate certificate and use

pyCA-0.5.3 - tools for setting up a certificate authority

HI! I would like to announce a new beta release of my package pyCA, a set of scripts and CGI-BIN programs written in Python for setting up and running a certificate authority using OpenSSL. See http://sites.inka.de/ms/python/pyca/ for more details. I would like to ask for feedback of