> From: owner-openssl-us...@openssl.org On Behalf Of prasad kasthuri
> Sent: Thursday, 25 February, 2010 14:44
> To: openssl-users@openssl.org
> Subject: Need help on creating certs
> I am getting the following error while creating certs using ope
>> Hi Team,
>>
>> I am getting the following error while creating certs using openssl
>> command. Please help me to create a cert using openssl.
>>
>> C:\OpenSSL\bin>openssl -inkey mykeyfile.pem -in -mycertfile.pem -out
>> myCert.p1
>> -
I think it should be just -key.
Thanks & Regards
Chaitra Shankar
prasad kasthuri wrote:
Hi Team,
I am getting the following error while creating certs using openssl
command. Please help me to create a cert using openssl.
C:\OpenSSL\bin>openssl -inkey mykeyfile.pem -in -mycertf
Hi Team,
I am getting the following error while creating certs using openssl command.
Please help me to create a cert using openssl.
C:\OpenSSL\bin>openssl -inkey mykeyfile.pem -in -mycertfile.pem -out
myCert.p1
-export
openssl:Error: '-inkey' is an invalid command.
Standard comma
t; --
>>> View this message in context:
>>> http://www.nabble.com/Creating-certs-used-for-smartcard-logon-in-windows-tp23338745p23338745.html
>>> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>>> ___
e "test
>> certificate"
>>
>> Neither of these give any errors indicating that there was a problem with
>> the [smart_card] section of my openssl.cnf. Unfortunately, my smart card
>> tells me that this certificate doe
ty to logon.
>
> What am I missing here? Or am I completely offtrack?
>
> Thank you very much,
>
> Nate B.
> --
> View this message in context:
> http://www.nabble.com/Creating-certs-used-for-smartcard-logon-in-windows-tp23338745p23338745.html
> Sent from the OpenS
ack?
Thank you very much,
Nate B.
--
View this message in context:
http://www.nabble.com/Creating-certs-used-for-smartcard-logon-in-windows-tp23338745p23338745.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
___
Hi,
I am running a HostAPD server on openSUSE and I am having some problems with
certificates. The reason why I have set up this server is for learning and
testing purposes.
I am using my nokia (n95) phone to connect to the Internet and
authenticating via the HostAPD server. I am using openssl to
Darn, so there's a bug in CA.pl, well, I've never explored that utility.
Anyway, if you'd just followed the instructions in the HOWTO to create
CSR's, you wouldn't end up having the private key concatenated with the
request.
And, the private key is needed by "openssl req" to sign the request.
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[EMAIL
PROTECTED]> said:
urimobile> /At least two demoCA sripts - CA and CA.pl
CA.sh and CA.pl both do the same wrong thing, bundle the private key
with the CSR (Certificate Signature
> IT is common practice for someone making a certificate request to prove that
> they have the private key.
Normally "proof of possession" is done by signing the request *with* the
private key, not sending it in the request. The CA can then verify the
requester's possession of private key using
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 17:16:31 -0400, Uri <[EMAIL
PROTECTED]> said:
urimobile> /At least two demoCA sripts - CA and CA.pl
CA.sh and CA.pl both do the same wrong thing, bundle the private key
with the CSR (Certificate Signature Request or something like that,
describ
Dr. Stephen Henson wrote:
PEM should be accepted but its very picky about any extra data before the
-BEGIN CERTIFICATE- line.
Hmm... I'll check - but I suspect it's too picky for me. :-)
True. As IPsec peers can exchange their certs automatically.
and I don't think Windows suppor
It's fine for any box to store or cache certificates of any kind.
Certificates are public data, and only contain a public key.
I know that it's fine - am just describing the setup, mostly for the
benefit of those who tend to jump to conclusions and give others as
little credit as possible u
On Mon, Jul 04, 2005, Uri wrote:
> Dr. Stephen Henson wrote:
>
> >PKCS#12 isn't an appropriate format to just import a certificate. You need
> >to use PEM or DER form and an appropriate extension such as .crt.
> >
> >
> I figured this out too late. PEM isn't accepted by Windows, but DER
> (luck
Dr. Stephen Henson wrote:
PKCS#12 isn't an appropriate format to just import a certificate. You need
to use PEM or DER form and an appropriate extension such as .crt.
I figured this out too late. PEM isn't accepted by Windows, but DER
(luckily!) is, so now I'm just using DER.
IPsec FAQ tha
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 13:41:17 -0400, Uri <[EMAIL
PROTECTED]> said:
urimobile> Richard Levitte - VMS Whacker wrote:
urimobile>
urimobile> >>> >What makes you think the private key is included?
urimobile> >urimobile>
urimobile> >urimobile> The fact that Windows XP ma
On Mon, Jul 04, 2005, Uri wrote:
> Dr. Stephen Henson wrote:
>
> >On Sun, Jul 03, 2005, Uri wrote:
> >
> >
> >
> >>How do I create a request that doesn't contain private key, and how do I
> >>sign it? Could you give me an example please?
> >>
> >What makes you think the private key is included?
Richard Levitte - VMS Whacker wrote:
>What makes you think the private key is included?
urimobile>
urimobile> The fact that Windows XP machine (into which I load the
urimobile> created cert) claims to now have the private key for it.
Uhmmm, in a X.509 PKI, you need a key pair (private and pub
> Darn, I thought I explained the problem: openssl "req" seems to require
> private key of the cert requestor, which defeats the whole idea of PKI.
No.
IT is common practice for someone making a certificate request to
prove that they have the private key. This is known as "proof of
possession" a
Uri wrote:
> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without havign their private keys presented to the
> signer?
>
> [For having to bring private key along with the public key sort fo
> defea
On Jul 4, 2005, at 12:00 AM, Uri wrote:
Tan Eng Ten wrote:
But how??? Could you give an example please (of [a] creating, and
[b] signing a "req")?
How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
Darn, I thought I explained the problem: openssl "req" seems to
require private key
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 00:03:50 -0400, Uri <[EMAIL
PROTECTED]> said:
urimobile> Dr. Stephen Henson wrote:
urimobile>
urimobile> >On Sun, Jul 03, 2005, Uri wrote:
urimobile> >
urimobile> >>How do I create a request that doesn't contain private
urimobile> >>key, and how
In message <[EMAIL PROTECTED]> on Mon, 04 Jul 2005 00:00:20 -0400, Uri <[EMAIL
PROTECTED]> said:
urimobile> Tan Eng Ten wrote:
urimobile>
urimobile> >> But how??? Could you give an example please (of [a]
urimobile> >> creating, and [b] signing a "req")?
urimobile> >
urimobile> > How is in the HO
Dr. Stephen Henson wrote:
On Sun, Jul 03, 2005, Uri wrote:
How do I create a request that doesn't contain private key, and how do I
sign it? Could you give me an example please?
What makes you think the private key is included?
The fact that Windows XP machine (into which I load the
Tan Eng Ten wrote:
But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?
How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
Darn, I thought I explained the problem: openssl "req" seems to require
private key of the cert requestor, which defeats the
On Sun, Jul 03, 2005, Uri wrote:
> But how???
>
> Creating a certificate request ("req") with openssl seems to require
> that private key is included! How do I avoid it?
>
> How do I create a request that doesn't contain private key, and how do I
> sign it? Could you give me an example please
Tan Eng Ten wrote:
But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?
How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
Or just use the Perl script that ships with OpenSSL called CA.pl
(Required at least Perl 5.6.x to be installed).
Thomas Hrusk
But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?
How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
__
OpenSSL Project http://www.openssl.org
User Supp
Bernhard Froehlich wrote:
Uri wrote:
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without havign their private keys presented to
the signer?
[For having to bring private key along with the public key sort fo
defeats the whole purpse PKI.]
David Schwartz wrote:
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without havign their private keys presented to the
signer?
Of course,
But how???
Creating a certificate request ("req") with openssl seems t
> Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
> others' public keys) without havign their private keys presented to the
> signer?
Of course,
> [For having to bring private key along with the public key sort fo
> defeats the whole purpse PK
Uri wrote:
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without havign their private keys presented to
the signer?
[For having to bring private key along with the public key sort fo
defeats the whole purpse PKI.]
You are totally right.
Be
Does openssl (9.0.9.7g or 0.9.8beta6) allow creating certs (signing
others' public keys) without havign their private keys presented to the
signer?
[For having to bring private key along with the public key sort fo
defeats the whole purps
Hi,
how can I create a (x509) certificate for a decryption key generated
on a smartcard (of course not extractable) using the standard OpenSSL
command line tools ? Creating a pkcs10 cert request is (in general) not
possible, as the key can't create the signature needed for the
self-signed pkcs10 r
hi,
I am trying to create certificate..all is well till I call last method..
CA.pl -signreq
C:\ssl\openssl-0.9.5a\out32dll>CA.pl -signreq
Using configuration from C:\ssl\openssl-0.9.5a\apps\openssl.cnf
Loading 'screen' into random state - done
unable to load CA private key
114:error:0906D06C:PEM
I created a self signed with the following command:
openssl x509 -req -days 365 -in blahcsr.pem -signkey blahkey.pem -out blahcert.pem
blahkey was created with the genrsa command.
Now, docs and info I can gleen state that the -signkey option causes the resulting
output file,
in this case "blah
38 matches
Mail list logo
