On Fri, Mar 21, 2014 at 07:21:50PM +, Kyle Tinker wrote:
> *How do I trust two certificates with an identical subject (but
> different hashes) at the same time?*
Give them different key identifiers. When determining whether a
given certificate is issued by a given authority, OpenSSL will
com
I am working with OpenSSL and trying to trust multiple certificates with the
same subject but different hashes. The reason for this is I want to be able to
transition seamlessly from one certificate to the next on the host, and so for
a small period of time I want my devices to trust both the
ther hand is exactly right.
>
> You don't show the actual connection logic.
> Or any detail about the actual errors/problems.
>
> Server code equivalent to yours (simplified some) plus obvious
> connection logic, against s_client for convenience, works for me.
>
>
om/CA-file-with-multiple-certificates%2C-only-the-1st-one-in-the-file-works-tp28615249p28635059.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.o
> From: owner-openssl-us...@openssl.org On Behalf Of cschwaderer
> Sent: Wednesday, 19 May, 2010 18:50
> I'm having a problem with an OpenSSL client and server
> application I wrote.
> Client 1 uses certificate A and client 2 uses certificate B.
>
> I create a CA file on the server that contains
e (but I'm using the
SSL_CTX_set_client_CA_list() call).
It could be something I'm not doing on the client side where when the server
sends the CAs to the client, maybe it's only looking at the first
certificate and not seeing its certificate?
If anyone can see what I'm missing to
Hi Cr. Stephen,
Thank you for your quick reply. It really helped me to solve my problem.
Also mac verifying problem is caused by my mistake. I forgot to initialize
things using following functions.
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
Thanks in advance,
Milinda Pathirage
On
On Tue, Jan 29, 2008, Milinda Pathirage wrote:
> Hi all,
> Please apologize me if this is a dumb question.
> I am currently involved in project which I need to create key store which
> has functions like Java Key Store in C. My requirements is to store several
> X509 certificates with owner's cert
ptions like removing
-CAfile optiona and use -certfile option for storing ca cert. But every time
the info command only output two certifcate and private key only.
[2] openssl pkcs12 -info -in final_3.p12
Please can anyone help me in this issue. I want to store multiple
certificates(say 5 ex
On Wednesday 23 May 2007 08:05, Rajat Dudeja wrote:
> > >Could you please explain what do you mean by "not working"?
>
> The certificate sent in the message to the phone is not getting accepted by
> the phone. The phone must respond to the certificate message if it has
> received the certificate.
e multiple certifiacates from a single
>> self-signed CA. Please some one guide me in this.
>>
>> Also, my CA.crt and CA.key have already been flashed to the device, so
I do
>> not have any option of re-creating the CA.crt and CA.key.
>>
>> I saw some where on a post
ome one guide me in this.
>
> Also, my CA.crt and CA.key have already been flashed to the device, so I do
> not have any option of re-creating the CA.crt and CA.key.
>
> I saw some where on a post that separate CA.keys need to be developed as
> well for creating multiple certif
need to be developed as
well for creating multiple certificates. Is this true?
If Yes, do I need to create the new CA.key for every new certificate to be
certified by this single CA, keepig in consideration that CA.crt and 1
CA.key have already been flashed to the device?
Please some help and elab
On Mon, Mar 13, 2006 at 09:27:49PM +0100, Goetz Babin-Ebell wrote:
> [EMAIL PROTECTED] schrieb:
> > Pretty much confirm what I thought. The OPENSSL API is so rich and I
> > havn't touch it (web server) in a while, I figured it wouldn't hurt to ask.
>
> An alternative would be one host certificat
[EMAIL PROTECTED] schrieb:
> Pretty much confirm what I thought. The OPENSSL API is so rich and I
> havn't touch it (web server) in a while, I figured it wouldn't hurt to ask.
An alternative would be one host certificate with multiple
subject alt names.
This way you can issue a certificate that
ultiple domains in a certificate.
If they get multiple certificates, one per common name, but each going to
the same IP, my web server is not seeing the difference.
Currently, the simplest solution is to use a separate IP fo
You comments are right, but there is sole evolution.
See my mail from Feb 6, the openssl library contains a patch for the TLS
extension
of servername (which still needs to be implemented in browsers), but at
least the following patch for apache2 (working with a current openssl
snapshot
not on
Thanks.
Pretty much confirm what I thought. The OPENSSL API is so rich and I
havn't touch it (web server) in a while, I figured it wouldn't hurt to ask.
Beating a dead horse. :-)Thanks again.
---
Hector
On 3/13/06 9:46 AM, Ted wrote:
> I don't think you can use SSL make multiple (virtual)
they turned on
SSL, with one certificate, they are running into browser "domain mismatch"
conflicts. So I was asked how to resolve this.
If they get multiple certificates, one per common name, but each going to
the same IP, my web server is not seeing the difference.
I think the i
ow when they turned on
SSL, with one certificate, they are running into browser "domain mismatch"
conflicts. So I was asked how to resolve this.
If they get multiple certificates, one per common name, but each going to
the same IP, my web server is not seeing the difference.
I thin
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
>
> So for one group, they will give them a HTTPS URL for domainX, and for
> another group, they will give them another HTTP URL for DomainY, but
> they
> will be hitting the same IP server.
sounds like a virtual domain. If you have 2
For our web server, Wildcat! Web Server, it loads 1 SSL certificate for
the web server.
I have a need to allow multiple SSL certificate for the same web server.
This is not a virtual domain need. I don't fully understand the customer
requirement, but a customer wishes to have use multple SSL
Hi all,
I am using mod_ssl to do client authentication on apache. We are using a 3
certificate model, where we have one certificate for (web)authentication, one
for digital signatures and one for encryption. When I try to connect to the
webserver (where I configured to only use the web authentica
From: Levy itai <[EMAIL PROTECTED]>
itai> Is it possible to load more then 1 server certificate ?
itai> Currently I'm using the SSL_CTX_use_certificate_file, and the
itai> SSL_CTX_use_PrivateKey_file in order to load the certificate and
itai> the private key at the initialization of the process.
Hi,
Is it possible to load more then 1 server certificate ?
Currently I'm using the SSL_CTX_use_certificate_file, and the
SSL_CTX_use_PrivateKey_file
in order to load the certificate and the private key at the initialization
of the process.
I want to be able to load more then one certificate beca
On Wed, 17 May 2000, Götz Babin-Ebell wrote:
> At 12:11 17.05.00 +0200, you wrote:
> It is not possible, because the server gets the information
> about the connected host after the initial SSL handshake.
> And he needs the information about the domain to send the needed
> host certificate (in the
To install individual certs for each Virtual Server, you will need
individual IP addresses. Name Based Hosting does not work with
SSL.
> Hello,
>
> We run multiple shops on a http server; running Linux, WN (as the http
> server) and MySql. They all use the same ip adres. The webserver uses a
>
At 12:11 17.05.00 +0200, you wrote:
>Hello,
Hello,
>We run multiple shops on a http server; running Linux, WN (as the http
>server) and MySql. They all use the same ip adres. The webserver uses a
>virtual host table to translate the actual domainname into the directory
>for that shop.
>So far so
Hello,
We run multiple shops on a http server; running Linux, WN (as the http
server) and MySql. They all use the same ip adres. The webserver uses a
virtual host table to translate the actual domainname into the directory
for that shop.
So far so good.
To give each shop ssl possibilities, we wa
29 matches
Mail list logo
