Re: network connection encrypted/secure using ssl and sockets ?!

2008-09-04 Thread Dan_Mitton
Have you looked into IPsec? That might be the best way. Please respond to openssl-users@openssl.org Sent by:[EMAIL PROTECTED] To: openssl-users@openssl.org cc: (bcc: Dan Mitton/YD/RWDOE) Subject:Re: network connection encrypted/secure using ssl and sockets ?! LSN: Not

RE: Error when creating certificate in HPUX

2008-09-04 Thread Huey, Mike
If you are on 11.11 you need to see if you have random number generator installed. You can get the rand gen product for 11.11 from: http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=KRNG11I If you do not want to install a random number generator, then check to see if

how to query out crl by using DirName in crl distribution field

2008-09-04 Thread JeanYiYi
Dear all: I have a CA certificate. Its distributionPoint field contains a directoryName(DirName). It's a DN in LDAP. So, if I get ldap server ip and reserve whatever configured in DirName, can I do ldapsearch? If not, how can I query out crl by using this DirName. And again, it points to an entry

Re: Re: Re: network connection encrypted/secure using ssl and sockets ?!

2008-09-04 Thread Manuel Sahm
Hello, thank you, could you please help me set up my small program. I looked at the files s_server.c and s_client.c. They are too complicated. What about the files in /demos/bio? Could you please explain to me the meaning of the BIO functions in contrast to the SSL functions? What about t

Re: Re: network connection encrypted/secure using ssl and sockets ?!

2008-09-04 Thread Manuel Sahm
Hello, thank you for your reply :-) How could I realize your mentioned option with openssl (functions): public keys (asymmetric keys) without certificates ( In this situation neither A and B need to know about a previous secret.) Thank you so much >>> Sergio <[EMAIL PROTECTED]> 04.09.200

Re: network connection encrypted/secure using ssl and sockets ?!

2008-09-04 Thread Sergio
Manuel Sahm wrote: Hello, thank you for your reply :-) How could I realize your mentioned option with openssl (functions): public keys (asymmetric keys) without certificates ( In this situation neither A and B need to know about a previous secret.) Thank you so much >>> Sergio <[EM

Re: [openssl-users] Re: X509 V1 version info

2008-09-04 Thread Madhusudhan reddy
Hello someone there, I have been stuck at this problem for quite some time. Could you guys help me with this? A little help in this regard will be greatly appreciated. Thank you very much. -Madhu On 9/1/08, Madhusudhan reddy <[EMAIL PROTECTED]> wrote: > > Hi, > > Thanks for reply. > > Yes, it

rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c

2008-09-04 Thread [EMAIL PROTECTED]
Hi all, I am working with openssl-0.9.8h to generate SCEP certificates. I am getting the following errors while the SCEP server is trying to verify the signatures: 24293:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 24293:error:04067072:rsa routine

Re: [openssl-users] Re: X509 V1 version info

2008-09-04 Thread Kyle Hamilton
Honestly, I'm not sure. DER says that there is One True Encoding for any given certificate, and I think (but am not sure) that part of it is that "optional" parameters are not an option if the intended values match the defaults. I would guess that one of these is actually in violation of the rule

Re: rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c

2008-09-04 Thread Kyle Hamilton
req does not create SCEP requests. (SCEP is currently a draft, and I don't know if any work on it has occurred in openssl. If it has, it's probably been on the 0.9.9 branch in CVS, since that's where most new development is happening.) -Kyle H On Thu, Sep 4, 2008 at 2:20 AM, [EMAIL PROTECTED] <

perform a key exchange (key negotiation) using asymmetric keys (no certifications!)

2008-09-04 Thread Manuel Sahm
Hello, could anybody explain to me how to modify this program, to use only keys instead of certificates? Thanks to all. - /* serv.cpp - Minimal s

RSA_padding_check_PKCS1_type_1

2008-09-04 Thread [EMAIL PROTECTED]
Hi all, I am very new to openssl. I am trying to create a certificate using scep. I am using openssl-0.9.8h for this implementation. I am using a private key generated using the openssl genrsa > cakey.pem command. For creating the certificate I am using the following command. openssl req -config /usr/loc

Re: rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c

2008-09-04 Thread [EMAIL PROTECTED]
Hi Kyle, Thanks for the response. I am using just the libraries of openssl for SCEP implementation. I get the above error when the signature is verified on the server. Probably I was not clear to you guys. I am looking for the solution to the above error. Do you have any idea why this error occurs a

Problems making certificate request

2008-09-04 Thread V H
I've been trying to secure site with open ssl and have made a number of attempts and have gotten many errors. Any help with the following error would be very helpful. Thanks in advance: I get the following error upon issuing the following command: C:\Program Files\Apache Software Foundation\A

Creating private key

2008-09-04 Thread [EMAIL PROTECTED]
Hi all, I want to generate a private key and certificate using openssl commands. Earlier I was generating both these files using openssl req -config /usr/local/ssl/openssl.cnf -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 That time I was getting the error "asn1 encoding routines:AS

Solaris x86 32-bit - OpenSSL Installation issue

2008-09-04 Thread Matthew Maddox
I am attempting to install OpenSSL 0.9.8h on a Solaris x86 32 bit virtual machine. I am able to ./config, make and make install but make test fails. Here is the error I am receiving: # make test testing... making all in apps... ../util/shlib_wrap.sh ./destest *** Signal 11 - core dumped make:

RE: Error when creating certificate in HPUX

2008-09-04 Thread Welling, Conrad Gerhart
Mike: I appreciate the clarification on HPUX 11.11 RNG. When I scanned HPUX documentation for RNG info a couple of months back, it was not totally clear to me what my OpenSSL-enabled app should do when installed on a 11.11 site host. One take was to, upon installation on 11.11, ask installer i

Re: Solaris x86 32-bit - OpenSSL Installation issue

2008-09-04 Thread Ariel Salomon
Read the PROBLEMS doc in the distribution; there's a note about this. There is a bug which is apparently in the toolchain on that platform. - Ariel Matthew Maddox wrote: I am attempting to install OpenSSL 0.9.8h on a Solaris x86 32 bit virtual machine. I am able to ./config, make and mak

Re: Error when creating certificate in HPUX

2008-09-04 Thread Kyle Hamilton
OpenSSL-enabled apps should, on installation to an 11.11 site host, do everything they have to to ensure proper operation. Even though it's well-known in cryptographic circles, the need for secure random numbers for cryptography is not well-known in the rest of the computer-using world; documentin

RE: perform a key exchange (key negotiation) using asymmetric keys(no certifications!)

2008-09-04 Thread David Schwartz
Manuel Sahm wrote: > could anybody explain to me how to modify this program, > to use only keys instead of certificates? > Thanks to all. I'm sorry to say, I don't see any easy way to do this with OpenSSL. You have two choices: 1) Roll your own on top of SSL, using algorithms similar to those i

Re: OpenSSL support for RFC2898 / PBKDF2

2008-09-04 Thread Graham Leggett
[EMAIL PROTECTED] wrote: Does openssl support RFC2898, and if so, what function should I be looking at? PKCS5_PBKDF2_HMAC_SHA1() This function seems to be undocumented: int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, unsigned char *salt, int saltlen, int

Re: Creating private key

2008-09-04 Thread Kyle Hamilton
You might wish to reduce the length of your Common Name fields. The fields are described in X.509 and in RFC 5280, as well as their maximum lengths. My suggestion would be to delete all of the keys and certificates you made, and start from ground zero with shorter names in your original request.