RE: OpenSSL and JAVA

2004-08-11 Thread Liam Escario
I'm having problems importing my OpenSSL certificates to my keystore. I created my root certificate in cacert.pem and I'm trying to import this now to my keystore. Okay. Some progress. I was able to import my CA using keytool. Apparently, you have to specify an alias for it. keytool

Using an external PRNG

2004-08-11 Thread Chris Gray
First post here, so: hello everybody ... I'm working on a project which involves an embedded device running Java and presenting the JCE API to applications. Currently the JCE provider used is BouncyCastle. This works, but slowly, most conspicuously during generation of RSA keys. One course I

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread threadhead
The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string. However without some form of authentication the

RE: OpenSSL and JAVA

2004-08-11 Thread Liam Escario
Then I tried importing a certificate signed by my CA. But now it's complaining that Input not an X.509 certificate. Is it because my extension is .pem? Yes! I found the answer by going through some old threads in the Sun Microsystems website. I had to convert the PEM certificate to a DER file

just one cert

2004-08-11 Thread RYAN vAN GINNEKEN
I have created my own root certificate and key so I can become my own CA. Have created signed certs for my imap smtp and webmail server using the common name computerking.ca. This works fine for Mozilla but with Microsoft's Outlook and Explorer I get errors about the CN name not matching

How to check the cA field of basic constraints object in v3 certificates?

2004-08-11 Thread sakthi.subramaniam
Hi, I have the x509 v3 certificates, I would like to validate the BASIC CONSTRAINTS FIELD. Using X509_get_ext_d2i I will get the BASIC_CONSTRAINTS structure if it is present. How to extract and validate the cA and pathLenConstraint from the structure? Any inputs on this? Thanks in advance.

SUN V210 crypto accelerator 500 libubsec.o

2004-08-11 Thread di davison
Hi, I have seen old posts around for the following error but I haven't seen a resolution for sparc. I maintain openssl-0.9.7d as a package on solaris8 and would like to replace the sun ssl package used for the crypto daughterboard with my package so I only maintain openssl in one place. I also

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote: The anonymous DH ciphersuites (disabled by default) can perform SSL/TLS without using certificates. To use these you need to set appropriate DH parameters on the server side and enable the ciphersuites using an appropriate cipher string.

Re: OpenSSL and JAVA

2004-08-11 Thread Craig Gleadall
Liam, All you will need to do is convert the PEM format to DER. If your user cert is called me.pem then: openssl x509 -in me.pem -outform DER -out me.cer I think that is all you will need to do. I don't have access to my openssl right now, but I have done this before to get the certs into

RSA BSAFE/OpenSSL key format.

2004-08-11 Thread Chris Tojza
Hi, I hope somebody can help me with the following problems. I am working to replace legacy BSAFE application with the OpenSSL and I have to work with the legacy BSAFE generated RSA keys. I am unable to read BSAFE private key that has BSAFE type: KI_PKCS_RSAPrivateBER - This is ASN.1 key that is

Extracting DN from an X.509 cert BLOB

2004-08-11 Thread Areg Alimian
Hi all! Is there a simple way to convert the certificate name blob to a null terminated char string using OpenSSL? Thank you, Areg

Re: Extracting DN from an X.509 cert BLOB

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, Areg Alimian wrote: Hi all! Is there a simple way to convert the certificate name blob to a null terminated char string using OpenSSL? If you mean a human readable text string then calling X509_NAME_print_ex() to a memory BIO is the most flexible solution.

Re: RSA BSAFE/OpenSSL key format.

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, Chris Tojza wrote: Hi, I hope somebody can help me with the following problems. I am working to replace legacy BSAFE application with the OpenSSL and I have to work with the legacy BSAFE generated RSA keys. I am unable to read BSAFE private key that has BSAFE type:

just one cert

2004-08-11 Thread RYAN vAN GINNEKEN
I have created my own root certificate and key so I can become my own CA. Have created signed certs for my imap smtp and webmail server using the common name computerking.ca. This works fine for Mozilla but with Microsoft's Outlook and Explorer I get errors about the CN name not matching the

Re: just one cert

2004-08-11 Thread Ng Pheng Siong
On Wed, Aug 11, 2004 at 02:17:05AM -0600, RYAN vAN GINNEKEN wrote: commonName:PRINTABLE:'mail1.computerking.ca' Try the CN *.computerking.ca. That's an asterisk. -- Ng Pheng Siong [EMAIL PROTECTED] http://firewall.rulemaker.net -+- Cisco PIX Netscreen Config Version Control

RE: Extracting DN from an X.509 cert BLOB

2004-08-11 Thread Areg Alimian
Hi Steve, Thank you for the quick response! There are indeed lots of options on the output format. Now if I just want to extract the common field string, do I search for CN= prefix or is there a better way? Thank you once again, -Areg -Original Message- From: [EMAIL PROTECTED]

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread threadhead
Yes if you are trusting any certificate then you might as well use anon DH. Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which have been exchanged by some secure means. Steve. First of all thanks for your suggestions, I'll keep

Re: New engines.

2004-08-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Tue, 10 Aug 2004 15:20:48 -0300, Roberto Gallo [EMAIL PROTECTED] said: I would like to develop a new engine with some crypto functions to with OpenSSL. Where can I get information about the API? I'm afraid

Re: New engines.

2004-08-11 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Tue, 10 Aug 2004 22:32:14 +0200 (CEST), Juan Segarra [EMAIL PROTECTED] said: juan man 3 engine Heh, I had forgotten... - Please consider sponsoring my work on free software. See http://www.free.lp.se/sponsoring.html for details. -- Richard Levitte

Re: Extracting DN from an X.509 cert BLOB

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, Areg Alimian wrote: Hi Steve, Thank you for the quick response! There are indeed lots of options on the output format. Now if I just want to extract the common field string, do I search for CN= prefix or is there a better way? It's not a good idea to attempt to

Re: Avoiding Certificates for Server/Client approach

2004-08-11 Thread Dr. Stephen Henson
On Wed, Aug 11, 2004, [EMAIL PROTECTED] wrote: Yes if you are trusting any certificate then you might as well use anon DH. Normally, for certificates, this is resolved by using a mutually acceptable certificate or CA certificate which have been exchanged by some secure means. Steve.