> From: openssl-users On Behalf Of Jakob
> Bohm via openssl-users
> Sent: Monday, 23 August, 2021 04:40
>
> On 21/08/2021 19:42, Michael Wojcik wrote:
> >> From: rgor...@centerprism.com
> >> Sent: Saturday, 21 August, 2021 11:26
> >>
> >> My openssl.cnf (I have tried `\` and `\\` and `/` director
On 21/08/2021 19:42, Michael Wojcik wrote:
From: rgor...@centerprism.com
Sent: Saturday, 21 August, 2021 11:26
My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):
Use forward slashes. Backslashes should work on Windows, but forward slashes work
everywhere. I don't know th
On 21.08.21 at 19:53, rgor...@centerprism.com wrote:
I am fine on the command line. I just need a little help with openssl. Do you
have any ideas on setting the hostname with openssl.cnf?
If it would be bash on Linux, scripting this is not a challenge. About Windows: No
idea, sorry.
Subject: Re: Need some help signing a certificate request
Hi rgor...@centerprism.com,
the substitution for your CA did not work: 'Subject: CN = $(hostname), O =
server'.
My recommendation, if you are not familiar with openssl and the command line
would be, use XCA, there is a Windo
some help signing a certificate request
Hi rgor...@centerprism.com,
the substitution for your CA did not work: 'Subject: CN = $(hostname), O =
server'.
My recommendation, if you are not familiar with openssl and the command line
would be, use XCA, there is a Windows version available
It was the index.txt like you said. Thank you.
-----Original Message-----
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:43 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
> From: rgor...@centerprism.com
>
On 21.08.21 at 19:28, rgor...@centerprism.com wrote:
The req.pem contents:
-----BEGIN CERTIFICATE REQUEST-----
MIICbDCCAVQCAQAwJzEUMBIGA1UEAwwLJChob3N0bmFtZSkxDzANBgNVBAoMBnNl
cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXeMnFZM4+aAtyb
YJwau1WLdAFxtlNiLKPZ6WdX0cGyEFeMa9DG+f6R6ZBn6ifwiae
> From: rgor...@centerprism.com
> Sent: Saturday, 21 August, 2021 11:26
>
> My openssl.cnf (I have tried `\` and `\\` and `/` directory separators):
Use forward slashes. Backslashes should work on Windows, but forward slashes
work everywhere. I don't know that "\\" will work anywhere.
> [ ca
The req.pem contents:
-----BEGIN CERTIFICATE REQUEST-----
MIICbDCCAVQCAQAwJzEUMBIGA1UEAwwLJChob3N0bmFtZSkxDzANBgNVBAoMBnNl
cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKXeMnFZM4+aAtyb
YJwau1WLdAFxtlNiLKPZ6WdX0cGyEFeMa9DG+f6R6ZBn6ifwiae8KJmK+maeN5Th
+NKKYRvJQaNo5h/62lqJMjuLDZqS9B
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
-----Original Message-----
From: openssl-users On Behalf Of Michael
Wojcik
Sent: Saturday, August 21, 2021 1:22 PM
To: openssl-users@openssl.org
Subject: RE: Need some help signing a certificate request
> F
> From: openssl-users On Behalf Of
> rgor...@centerprism.com
> Sent: Saturday, 21 August, 2021 09:48
> Thanks for the comment. I have tried both `/` and `\` with no change.
Most or all Windows APIs, and most programs, support the forward slash as a
directory separator. The exceptions are mostl
Thanks for the comment. I have tried both `/` and `\` with no change.
From: openssl-users On Behalf Of Tom Browder
Sent: Saturday, August 21, 2021 11:41 AM
Cc: openssl-users@openssl.org
Subject: Re: Need some help signing a certificate request
On Sat, Aug 21, 2021 at 09:21 mailto:rgor
On Sat, Aug 21, 2021 at 09:21 wrote
...
> When I type ‘openssl ca -config .\openssl.cnf -in ../server/req.pem -out
>
I don't do Windows, but your directory separators are not consistent--not
sure of the effect.
-Tom
Hello all,
I am using OpenSSL 1.1.1k 25 Mar 2021 on Windows 10
c:\OpenSSL\x64\bin is part of my path.
When I type 'openssl ca -config .\openssl.cnf -in ../server/req.pem -out
server_certificate.pem -notext -batch -extensions server_ca_extensions' I
get nothing out. No 'server_certifica
Wojcik
Sent: Friday, February 7, 2020 3:37 PM
To: openssl-users@openssl.org
Subject: RE: TLS 1.2 handshake issue (Server Certificate request)
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On
> Behalf Of Bashin, Vladimir
> Sent: Friday, February 07, 2020 11:25
>
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of
> Bashin, Vladimir
> Sent: Friday, February 07, 2020 11:25
> ... during that handshake the TLS server requests the client Certificate
> but our TLS client responds with the Certificates Length 0 that causes
> the TLS se
,
>
> VB
>
>
>
> *From:* Dmitry Belyavsky
> *Sent:* Friday, February 7, 2020 3:07 PM
> *To:* Bashin, Vladimir
> *Cc:* openssl-users@openssl.org
> *Subject:* Re: TLS 1.2 handshake issue (Server Certificate request)
>
>
>
> Hello Vladimir,
>
>
>
Hello Vladimir,
It's worth trying to reproduce the situation using openssl
s_client/s_server command-line apps.
On Fri, Feb 7, 2020 at 9:25 PM Bashin, Vladimir wrote:
> Hello, OpenSSL experts !
>
>
>
> We need your help in better understanding a below behavior -
>
>
>
> We are experiencing issu
Hello, OpenSSL experts !
We need your help in better understanding a below behavior -
We are experiencing issue during the initial TLS handshake :
We have the customer-issued TLS certificate that we deploy on our TLS client
system
The certs have been generated with a CSR that was generated on c
er requesting a
>> client certificate?
>
> If the server disconnects without completing the handshake you won't actually
> see the certificate request and session details. Try the -prexit option which
> tries to print out session details even if the handshake doesn't complete
On Thu, Aug 7, 2014 at 4:57 PM, Kyle Hamilton wrote:
> Usually you don't need to echo anything to get the "acceptable client CA
> names" list.
Thanks.
In this case, it's IIS 7.5 and it's *not* using SNI (SNI is available in
IIS 8). So I get a 400 "bad request" without the host header.
Jeff
> On 8
/ HTTP/1.1\nHost:example.com\n" | \
> openssl s_client -connect example.com:443 -ssl3 -ign_eof -CAfile
> ca-cert.pem
>
> Is there a message displayed that documents the server requesting a
> client certificate?
If the server disconnects without completing the handshake you wo
Usually you don't need to echo anything to get the "acceptable client CA
names" list.
-Kyle H
On 8/7/2014 1:55 PM, Jeffrey Walton wrote:
> I'm trying to track down a client side issue with the use of HTTPS. I
> suspect it has something to do with a server misconfiguration and
> client side certif
I'm trying to track down a client side issue with the use of HTTPS. I
suspect it has something to do with a server misconfiguration and
client side certificates.
When running s_client:
$ echo -e "GET / HTTP/1.1\nHost:example.com\n" | \
openssl s_client -connect example.com:443 -ssl3 -ign_eof
tl;dr: is it worth using OpenSSL to build a CMS EnvelopedData message when the
key transport algorithm is RSA-OAEP? If so, how?
Long version:
After some more digging, I'll try to make my request more precise.
Some context: I am generating a RSA key pair with an external engine (say a HSM
with
Hello all,
Trying to build a Certificate Signing Request using external means for crypto
operations (eg key pair generation, signing). I'm relying on demos/x509/mkreq.c
and the code in crypto/x509/.
What I want to do is:
- use external engine to generate RSA key pair
- build X509_REQ as per mk
o) and I am trying to use
> a third part pkcs11 library to sign a certificate signing request (csr).
>
> The private and public keys are generated and stored on a usb token, and
> there is no way of accessing them as files or blobs, but only attributes.
>
> I have created
attributes.
I have created the certificate request using X509_REQ_new() and its related
functions, but I am not able to sign the certificate request (using
X509_REQ_sign) as I don't have access to the private, or even the public
key.
I can only call the pkcs11 function C_SignInit/C_Sign to perfor
On Tue, Oct 08, 2013 at 06:00:39AM -0700, Rahul Tolani wrote:
> I'm signing a CSR that is generated by Windows Phone.
> But in that CSR I have a null character in the subject property.
You're not signing the CSR, the phone did that, which is why you
can't modify it. You're trying to issue a sign
On 08.10.2013 15:00, Rahul Tolani wrote:
Actual Subject Property =>
subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\x00
this is just a bug - the \x00 looks like the terminating \0 ...
Required Subject Property =>
subject=/CN=B1C43CD0-1624-5FBB-8E54-34CF17DFD3A1
Greetings,
Walter
Hi !!
I'm signing a CSR that is generated by Windows Phone.
But in that CSR I have a null character in the subject property.
After changing the subject property and trying to sign the CSR i get an
error message
"Signature did not match the certificate request"
How to get throug
Hi friends.
I want to raise one more question here,
What is the difference in generated server certificate (A),
If make using certificate request, or make directly ("X509_REQ *csr"
vs "X509 *cert")
I have my OWN CA, its keys, I am making new certificate (A) from old
certifi
-openssl-us...@openssl.org] On Behalf Of Saurabh Pandya
Sent: Saturday, July 28, 2012 9:34 AM
To: openssl-users@openssl.org
Subject: Re: RSA PRIVATE KEY, CERTIFICATE REQUEST, and CERTIFICATE
On 7/28/12, Rita Rex Smith wrote:
> I am just getting started trying to figure out how to set up an
On Mon, Jul 30, 2012 at 5:15 AM, Erwann Abalea
wrote:
> GOST is not a block cipher, it's the acronym for "GOsudarstvennyi STandard",
> which means "State Standard". It's not dedicated to cryptography.
My apologies. I thought you were referring to the GOST block cipher.
(I've never used it, but kne
On Fri, Jul 27, 2012 at 08:05:58AM -0700, Sanford Staab wrote:
> It really looks to me like the openssl documentation needs improvement as
> well as a better tool besides CA.pl to help people use openssl in common
> scenarios. I suspect there is a strong demand for creative private CA
> suppor
Hi Jeff
There are two GOST algorithms.
GOST
28147-89 is for symmetric block cyphering and GOST R 34.10-2001 for asymmetric
cyphering and digital signing.
OpenSSL supports both algorithms.
I mean GOST
R 34.10-2001 here.
Best Regards
GOST is not a block cipher, it's the acronym for "GOsudarstvennyi
STandard", which means "State Standard". It's not dedicated to cryptography.
Speaking of GOST standard is redundant, but clearer for non russian
locutors.
There's a block cipher (poorly) defined as a GOST standard, referenced
On Fri, Jul 27, 2012 at 9:00 AM, Abyss Lingvo wrote:
> Hi all!
>
> The last problem is how to create GOST key pair for certificate.
> It is clear how to create RSA keys.
> Sample is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html
>
> #include
> #include
> EVP_PKEY_CTX *ctx;
>
On 7/28/12, Rita Rex Smith wrote:
> I am just getting started trying to figure out how to set up an SSL
> certificate and key with PayPal to use for encrypted payments on my
> website.
> I am totally confused as to what I need to upload to them and how to figure
> out if it is correct or not.
>
>
Bang !! Thanks Dave,
I agree with Sandy's comment about openssl API's documentation.
Thanks again,
Saurabh
On 7/28/12, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya
>> Sent: Friday, 27 July, 2012 10:21
>
>> On 7/27/12, Saurabh Pandya wrote:
>> >>
> From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya
> Sent: Friday, 27 July, 2012 10:21
> On 7/27/12, Saurabh Pandya wrote:
> >> Do roughly the same thing apps/ca.c does, except you probably don't
> >> need all its options but may want some other options:
> >>
> >> Create an X509
I am just getting started trying to figure out how to set up an SSL
certificate and key with PayPal to use for encrypted payments on my website.
I am totally confused as to what I need to upload to them and how to figure
out if it is correct or not.
I am familiar with programming, but I am having
: Saurabh Pandya
Sent: Friday, July 27, 2012 7:20 AM
To: openssl-users@openssl.org
Subject: Re: Certificate and Certificate request (Using API)
On 7/27/12, Saurabh Pandya wrote:
Do roughly the same thing apps/ca.c does, except you probably don't
need all its options but may want some other op
On 7/27/12, Saurabh Pandya wrote:
>> Do roughly the same thing apps/ca.c does, except you probably don't
>> need all its options but may want some other options:
>>
>> Create an X509 and set all needed X509_CINF fields in that X509
>> to values that you either extract from the X509_REQ and approve
Hi all!
The
last problem is how to create GOST key pair for certificate.
It is
clear how to create RSA keys.
Sample
is here : http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html
#include
#include
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)
> Do roughly the same thing apps/ca.c does, except you probably don't
> need all its options but may want some other options:
>
> Create an X509 and set all needed X509_CINF fields in that X509
> to values that you either extract from the X509_REQ and approve,
> or choose by your own logic (serial
;and sign it with my CA certificate/key.
>
> demos/x509/mkreq.c approach:
> Still i dont understand that, If I go with this approach, i create
> X509_REQ *req,
> I sign this certificate request with the new private key (csr's key).
Yes.
>
> T
, If I go with this approach, i create
X509_REQ *req,
I sign this certificate request with the new private key (csr's key).
THEN HOW CAN I CONVERT THIS CSR into Certificate using API?
for e.g. openssl have command "ca" that sign CSR and outs
ICS there
> isn't currently a utility that can directly issue non-self-signed, but
> a program using openssl library, which is what the OP asked, can do that.
>
> >This certificate request is used to sign and create respective
> certificate.
>
> Not true. Assuming there is
>From: owner-openssl-us...@openssl.org On Behalf Of Sukalp Bhople
>Sent: Wednesday, 25 July, 2012 08:45
>You will always have to create a certificate request using your private
key.
True if you're using an external CA, but not if you're doing it yourself.
openssl comman
Hi,
You will always have to create a certificate request using your private key.
This certificate request is used to sign and create respective certificate.
Hope this helps.
On Wed, Jul 25, 2012 at 2:14 PM, Saurabh Pandya
wrote:
> --> I have created my self signed CA (cert.pem)
add stuff and sign it,
straightforward (mkcert.cc).
OR
Need to create X509_REQ (as shown in mkreq.cc) first and then
sign certificate
request with CA
(IS there any compulsion or advisory, that One SHOULD/MUST make
certificate request
Thank you All
Samples were very useful.
I could create certificates request using RSA keys.
But how to create request using GOST keys?
Best Regards
Vladislav
I wrote this a while ago, but I think it was trivially modified from
something I found online. I added a few comments, which perhaps is
helpful__
OpenSSL Project http://www.openssl.org
User Suppor
On Fri, Jul 20, 2012, Abyss Lingvo wrote:
> Hi all!
>
>
> How to
> create certificate request programmatically via OpenSSL API?
>
> This is the solution for command line utility:
>
> openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
>
You can take the code in apps/req.c and extract the pieces you need.
On 07/20/2012 10:17 AM, Abyss Lingvo wrote:
Hi all!
How to create certificate request programmatically via OpenSSL API?
This is the solution for command line utility:
openssl genrsa -out server_key.pem -passout pass
Hi all!
How to
create certificate request programmatically via OpenSSL API?
This is the solution for command line utility:
openssl genrsa -out server_key.pem -passout pass:$passwd -des3 1024
openssl req -new -key server_key.pem -passin pass:$passwd \
-passout pass:$passwd -out
p.
G.
-----Original Message-----
From: Michel [mailto:msa...@paybox.com]
Sent: 03 November 2011 14:10
To: openssl-users@openssl.org
Cc: Shaw Graham George
Subject: Re: Empty CA name list in Certificate Request in 0.9.8e
Hi George,
didn't you forget a call to :
SSL_CTX_set_client_CA_list()
scovered a problem when running our HTTPS server against a client
running some IBM software (not sure exactly what at the moment.
The client appears to be making a strict interpretation of the RFCs regarding
the CA name list in the Certificate Request sent by our server. This is
required not to b
RFCs regarding
the CA name list in the Certificate Request sent by our server. This is
required not to be empty by the RFCs (prior to TLS v1.1), but the list being
sent is empty. It seems that most software is tolerant of this, but this
particular IBM software is not.
I've been doing some
And, to further this point, OpenSSL can handle PKCS#10 in either PEM or DER
format, as well as SPKAC.
Have fun.
Patrick.
On 2010-09-10, at 4:59 AM, sandeep kiran p wrote:
> You can use what ever file extensions you may want but the contents of the
> file should be a PKCS#10 structure. File e
You can use what ever file extensions you may want but the contents of the
file should be a PKCS#10 structure. File extensions should not matter.
-Sandeep
On Fri, Sep 10, 2010 at 10:58 AM, prasanth wrote:
> Hi,
>
> what are the file extension formats like PEM, CSR ,P10 .. that can be
> signed b
Hi,
what are the file extension formats like PEM, CSR ,P10 .. that can be
signed by using
openssl ca
Thanks
Alex
> From: owner-openssl-us...@openssl.org On Behalf Of John R Pierce
> Sent: Monday, 28 June, 2010 13:18
> I'm trying to process a CRQ that came from a hardware
> appliance, and its
> apparently missing its country code.
>
and more.
>
> $ openssl ca -out tomcat-cert.pem -days 3650 -config ./ope
nssl req -noout -text -in tomcat_crq.pem
Certificate Request:
Data:
Version: 0 (0x0)
Subject: CN=myhostname
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:b3:
On July 22, 2009 04:00:15 pm Eduardo M.Cavalcanti wrote:
> Hello,
> In case I use a HSM to generate a certificate request is it possible
> to differentiate this certificate request from a certificate request
> issued from plain openssl?
Short answer: no.
Longer answer: Still no, bu
I post one made in openssl and you use it to compare
Regards
shell session wrote:
>
> jav...@linex:~/Documents/openssl> cat inflinux2007_req.pem
> -----BEGIN CERTIFICATE REQUEST-----
> MIIC0TCCAjoCAQAwggFrMQswCQYDVQQGEwJNWDE
sion wrote:
>
> jav...@linex:~/Documents/openssl> cat inflinux2007_req.pem
> -----BEGIN CERTIFICATE REQUEST-----
> MIIC0TCCAjoCAQAwggFrMQswCQYDVQQGEwJNWDESMBAGA1UECBMJUXVlcmV0YXJv
> MRkwFwYDVQQHExBTYW4gSnVhbiBkZWwgUmlvMTIwMAYDVQQKEylQdWVydGFzIHkg
> RGlzZW5vcyBkZSBNYWRlcmEsIFMuQS4gZ
Hello,
In case I use a HSM to generate a certificate request is it possible
to differentiate this certificate request from a certificate request
issued from plain openssl?
Thank you.
I had some issues trying to sign my certificate request, generated by
exchange 2007 using OpenSSL (with my own self signed certificate
authority for internal use). I saw at least one other person who had
trouble with it in the archives, but no replies. OpenSSL wouldn't read
the certif
Hello list,
I am trying to import a .der server cert into my Fedora directory
services certificate store.
I used the openssl utility to create the csr below.
openssl genrsa -des3 -out server.key 4096
openssl req -new -key c00lsldap.key -out server.csr
I am using certutil to import the cert.
Cert
ttps://issues.apache.org/bugzilla/show_bug.cgi?id=43822
Kind regards,
Steve
Re: [openssl.org #1725] OpenSSL-0.9.8h: Bug in Certificate Request
generation
Kyle Hamilton
Mon, 08 Sep 2008 17:18:27 -0700
"ETA" is "Estimated Time of Arrival". Basically, he's asking when
I'm trying to sign a csr generated from Exchange 2007, but openssl doesn't seem
able to parse the request. I get the following:
$ openssl req -in exchange-smtp.req -text
unable to load X509 request
$ openssl req -in exchange-smtp.req -text -inform der
unable to load X509 request
29188:error:0D068
apache win 32 with
openssl with the latest snapshot who can point me in the right direction?
Thanks, Vj
> Date: Sat, 6 Sep 2008 12:38:28 +0200
> From: [EMAIL PROTECTED]
> To: openssl-users@openssl.org
> Subject: Re: Problems making certificate request
>
> On Thu, Sep 04, 20
something
different?
> Date: Fri, 5 Sep 2008 16:29:10 -0700
> From: [EMAIL PROTECTED]
> To: openssl-users@openssl.org
> Subject: Re: Problems making certificate request
>
> Malloc failure means that it isn't able to allocate memory properly.
> What did you
On Thu, Sep 04, 2008, V H wrote:
> I've been trying to secure site with open ssl and have made a number of
> attempts and have gotten many errors. Any help with the following error
> would be very helpful. Thanks in advance:
>
> I get the following error upon issuing the following command:
>
>
M pass phrase:
> -
> You are about to be asked to enter information that will be incorporated
> into your certificate request.
> What you are about to enter is what is called a Distinguished Name or a DN.
> There are quite a few fields but you can leave some blank
> For some fields th
I've been trying to secure site with open ssl and have made a number of
attempts and have gotten many errors. Any help with the following error would
be very helpful. Thanks in advance:
I get the following error upon issuing the following command:
C:\Program Files\Apache Software Foundation\A
phrase,which I entered the same as for our
server(because we are using the same CA cert as server for client as well)
Then it is giving the following error:
Error reading certificate request in newreq.pem
3308:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:647:Expect
ing
Greetings All,
For the s_server command, when -Verify option is used, the s_server gives the
following certificate request message:
0d390503040102400031002f
This said, the certificate types supported are
0x03, 0x04, 0x01, 0x02, 0x40.
Per RFC 2246 section 7.4.4, 0x03 denotes rsa_fixed_dh
On Tue, May 22, 2007, Shane wrote:
> Hi,
>
> On Tue, May 22, 2007 at 12:57:36PM +0200, Dr. Stephen Henson wrote:
> > The display OpenSSL uses for an unsupported extension by default isn't very
> > informative but it is there for legacy reasons.
> >
> > Try including the option:
> >
> > -reqopt
On Mon, May 21, 2007, Shane wrote:
> Hello all,
>
> I am attempting to write a script which generates csr
> requests capable of submiting to www.symbiansigned.com to
> generate a developer certificate. Currently to my
> knowledge there is no Unix software to do this. I had a
> look at the csr g
Hello Gurus,
for last two years I was using SSL certificate for my web server,
generated by TinyCA. As it has expired two days ago, I tried to renew
it, but this is the error message I get:
=
/usr/bin/openssl ca -batch -passin env:SSLPASS -notext -config
/home/grzes/.TinyCA/ca.my.com/openssl
ust didn’t know what to do with it. ;)
When you generate a certificate request you need the following in the
openssl.cnf:
req_extensions = v3_req
[ v3_req ]
crlDistributionPoints = URI:http://192.168.0.2/my.crl
And when you issue the certificate from this request you’ll need in your
openssl.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi domi,
domi wrote:
> After one day pending-status I'll post this message again.
?? At least your message never reached me...
> domi wrote:
>> Just some last explanations: Of course my scenario is just fictional and I
>> won’t try to set up a comm
> greetings domi
>
>
--
View this message in context:
http://www.nabble.com/crlDistributionPoints-in-a-certificate-request-tf3148251.html#a8780236
Sent from the OpenSSL - User mailing list archive at Nabble.com.
n with data from the request.
The client may only set a very small subset of the possible extensions
in a certificate.
The subjectAltName extension would be a possible extension
the client may set in the request.
Guys/Girls: Any other idea what the client may set ?
> So I still have got the probl
ng to much nonsense ;)
So I still have got the problem, that the certificate request shall include
the CRL distribution point and that the CA has to “copy” it when signing the
certificate without knowing the CRL DP in the forefront.
I’m looking forward to get more comments, critics and probably the solu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello Domi,
domi wrote:
> which is helpful but not exactly what I had in mind ;) You couldn’t know
> this because I forgot to mention my aims. I’m trying to realise the
> following scenario:
> The CRL shall be kept on the server of the SSL-website and
>> O'Reilly). I can create certificate requests and issue certificate from
>> them. Now I want to do the following:
>>
>> The certificate request should include the crlDistributionPoints. (I'm
>> able
>> to enter the DP under certificate_extensions) Tha
rtificate from
> them. Now I want to do the following:
>
> The certificate request should include the crlDistributionPoints. (I'm able
> to enter the DP under certificate_extensions) Thats no problem so far.
> But now should the CA create the certificate without knowing the CRL
Hello,
I searched and tried a lot but wasn't able to solve the following problem:
I have built my own little CA (with the help of the OpenSSL book of
O'Reilly). I can create certificate requests and issue certificate from
them. Now I want to do the following:
The certificate requ
the request matches the signature Signature did not
match the certificate request).Here is what I am trying to do :
ca -cert server-cert.pem -config c:\openssl\bin\openssl.cnf -keyfile
server-key.pem -days 365 -out server.pem -infiles server-root.pem
>Using configuration from c:\openssl\
Allegretti <[EMAIL PROTECTED]> wrote:
Hi all,
I am having problem generating a certificate request. I am installing a
software called Appliance Manager on Win2k3 SP1. This is a Nokia software which
installs apache server. I am unable to start the apache service and my
understanding i
Allegretti
Sent: Thursday, November 16, 2006 9:01 AM
To: openssl-users@openssl.org
Subject: Problem with certificate request.
Hi all,
I am having problem generating a certificate request. I am installing a
software called Appliance Manager on Win2k3 SP1. This is a Nokia
software which installs apache
Hi all,
I am having problem generating a certificate request. I am installing a
software called Appliance Manager on Win2k3 SP1. This is a Nokia
software which installs apache server. I am unable to start the apache
service and my understanding is that this is because I have not been
able to
I'm creating a req
in ver 0.9.8d and want to include S/MIME Capabilities.
The sample
existing certificate has the following entries:
Requested
Extensions:
X509v3 Key Usage:
critical
Digital Signature, Non Repudiation,
Bonjour François,
On 26/08/2006, at 1:42 AM, [EMAIL PROTECTED] wrote:
Using the last version of openSSL, I am trying to create a
certificate request, but have some issues on the syntax of the
configuration file for the req command.
My organization has a tree of OU (between the O and the
Hello
Using the last version of openSSL, I am trying to
create a certificate request, but have some issues on the syntax of the
configuration file for the req command.
My organization has a tree of OU (between the O and
the CN)
Do you know how I may create such a request?
Below