Hi,
One of our customers is using a certificate from globalsign.
They use three root certificate's in the chain.
Is there a way to create a pem formatted file with all three certificate's
from the chain?
Regards
Martijn
__
I've finally gotten OpenSSL to work on my Microsoft Windows LAN with
InfoPath 2003.
Here is the order of my use of OpenSSL to generate a .p12 cert for use in
Microsoft's InfoPath 2003 program.
I first created a Root Certification Authority Certificate on a Windows PC
using OpenSSL 0.98a which is
HI:
Now i am trying to design a client/server communication
program on a embedded board and a PC through Internet.SSL will be used to
protect the communication channel.I choose ARM9 as the CPU core of the
embedded board.Now I have compile openssl and have arm-linux-gcc installed
on RH9.But I
I want to create a sample program which connects to the server and reads in various information to verify that this server is trustworthy and then when i verify its the correct one ,connect and transfer data. I have only seen client and server examples which use a client and server pair made by a
One of our customers is using a certificate from globalsign.
They use three root certificate's in the chain.
A definition of root certificate is that nobody in the chain comes after
it. So you don't mean three root certificates, but perhaps three
intermediates or two intermediates and a
For our web server, Wildcat! Web Server, it loads 1 SSL certificate for
the web server.
I have a need to allow multiple SSL certificate for the same web server.
This is not a virtual domain need. I don't fully understand the customer
requirement, but a customer wishes to have use multple SSL
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
So for one group, they will give them a HTTPS URL for domainX, and for
another group, they will give them another HTTP URL for DomainY, but
they
will be hitting the same IP server.
sounds like a virtual domain. If you have 2
Hi,
I am running windows XP (Version 5.1.2600)with service pack 2 and am trying to use MinGW to build openssl. I use the following command as per th einstructions in the Install doc for windows:
c:\openssl-0.9.8ams\mingw32
and get the following read out:
process_begin: CreateProcess(null), copy
IS your tmp folder in c:\openssl-0.9.8a???
if not your path isn't ok
try with full path to the tmp folder
Doug2die4
On 3/13/06, Andrew Madu [EMAIL PROTECTED] wrote:
Hi,
I am running windows XP (Version 5.1.2600) with service pack 2 and am trying
to use MinGW to build openssl. I use the
uno wand wrote:
From: Dr. Stephen Henson [EMAIL PROTECTED]
The block size of AES is 128 bits, you therefore need 16 characters
or 32 hex
digits in the IV.
Steve.
--
Thanks for the reply, I figured that out earlier too, by re-reading
the documentation
I have on hand. I always had the
On 3/13/06 8:43 AM, openssl-users@openssl.org wrote to All:
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
So for one group, they will give them a HTTPS URL for domainX, and for
another group, they will give them another HTTP URL for DomainY, but
they will be hitting the
[EMAIL PROTECTED] wrote:
On 3/13/06 8:43 AM, openssl-users@openssl.org wrote to All:
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
So for one group, they will give them a HTTPS URL for domainX, and for
another group, they will give them another HTTP URL for DomainY, but
hi all, I want to develop a small utility in Cto show all information about the X509 certificate file in a structured comprehensive(as displayed by browsers like IE). i'm working on SLES 9. so please help me out one more thing, i know the routines like X509_get_subject_name() and
vipin rathor wrote:
hi all,
I want to develop a small utility in C to show all information
about the X509 certificate file in a structured comprehensive(as
displayed by browsers like IE). i'm working on SLES 9. so please help
me out
one more thing, i know the routines like
Hi Doug,
yes my tmp folder is in c:\openssl-0.9.8a. Any ideas?
regards
Andrew
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
IS your tmp folder in c:\openssl-0.9.8a???if not your path isn't oktry with full path to the tmp folder
Doug2die4On 3/13/06, Andrew Madu [EMAIL PROTECTED] wrote:
Thanks.
Pretty much confirm what I thought. The OPENSSL API is so rich and I
havn't touch it (web server) in a while, I figured it wouldn't hurt to ask.
Beating a dead horse. :-)Thanks again.
---
Hector
On 3/13/06 9:46 AM, Ted wrote:
I don't think you can use SSL make multiple (virtual)
Try it with full path maybe it can solve your prob!!!
Doug2die4
On 3/13/06, Andrew Madu [EMAIL PROTECTED] wrote:
Hi Doug,
yes my tmp folder is in c:\openssl-0.9.8a. Any ideas?
regards
Andrew
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
IS your tmp folder in c:\openssl-0.9.8a???
Doug,
sorry for sounding dim here but could you just clarify what you mean by full path, full path from where to where?
regards
Andrew
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
Try it with full path maybe it can solve your prob!!!Doug2die4On 3/13/06, Andrew Madu
[EMAIL PROTECTED] wrote:
I mean instead of just writting tmp\e_os.h in your config file ( there
one probably) write down c:\openssl-0.9.8a\tmp\e_os.h
maybe mingw32 couldn't find tmp\e_os.h and need the full path to that file
Doug2die4
On 3/13/06, Andrew Madu [EMAIL PROTECTED] wrote:
Doug,
sorry for sounding dim here
You comments are right, but there is sole evolution.
See my mail from Feb 6, the openssl library contains a patch for the TLS
extension
of servername (which still needs to be implemented in browsers), but at
least the following patch for apache2 (working with a current openssl
snapshot
not
I've just figure out something,
with the openssl x509 -in mycert.crt -noout -text command, Isaw that
there is the same subjectAltName in my two cert. I'm sure that I
diodn't wrote the same in both of them, but seems like if some one
have modify it. =-)
BTW I've add the subjectAltNmae by writting
[EMAIL PROTECTED] wrote:
On 3/13/06 8:43 AM, openssl-users@openssl.org wrote to All:
On Mon, 2006-03-13 at 08:35 -0500, [EMAIL PROTECTED] wrote:
So for one group, they will give them a HTTPS URL for domainX, and for
another group, they will give them another HTTP URL for DomainY, but
they
nope, no joy here!
Any other ideas as to why a folder/file combination cannot be found within the config file(s)?
Andrew
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
I mean instead of just writting tmp\e_os.h in your config file ( thereone probably) write down c:\openssl-
nope sry
for my part that the only thing that come in mind, if I think of
something else I'll let you know.
On 3/13/06, Andrew Madu [EMAIL PROTECTED] wrote:
nope, no joy here!
Any other ideas as to why a folder/file combination cannot be found within
the config file(s)?
Andrew
On
Doug Frippon wrote:
I mean instead of just writting tmp\e_os.h in your config file ( there
one probably) write down c:\openssl-0.9.8a\tmp\e_os.h
maybe mingw32 couldn't find tmp\e_os.h and need the full path to that file
Certain that \o isn't a quoted o in this context? Forward or doubled-back
[EMAIL PROTECTED] schrieb:
Pretty much confirm what I thought. The OPENSSL API is so rich and I
havn't touch it (web server) in a while, I figured it wouldn't hurt to ask.
An alternative would be one host certificate with multiple
subject alt names.
This way you can issue a certificate that
Hi,
I gave up and downloaded a binary!
Andrew
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
http://archive.midrange.com/linux5250/200505/msg00024.html
look at this I think I could help youCertain that \o isn't a quoted o in this context?Forward or doubled-backslashes?I don't think
The normal PEM_read, etc., functionsstop when they find the first object of the right type.If you want to
read in a multiple certs from a single file, you probably want to use adata format such as PKCS7 or PKCS12 that supports it natively.Actually you can use PEM_X509_INFO_read_bio() to read in a
Sry finally found where I did wrong.
I should change the FQDN in the x509v3.cnf file
that where it take info to make the x509 cert
Thx to all anyway
On 3/13/06, Doug Frippon [EMAIL PROTECTED] wrote:
I've just figure out something,
with the openssl x509 -in mycert.crt -noout -text command, Isaw
I've just recently put together a C# class library that wraps the crypto DLL via PInvoke. I was wondering if anyone here would be interested in such a thing or if perhaps I should just create a seperate project for it. It has many advantages but the biggest is allowing for ease of use of the
http://archive.midrange.com/linux5250/200505/msg00024.html
look at this I think I could help you
Certain that \o isn't a quoted o in this context? Forward or doubled-back
slashes?
I don't think !!
regards
Doug2die4
__
OpenSSL
Dominique Lohez wrote:
This could be due to the fact that in JAVA character are coded in
UNICODE ( Each character uses 2 bytes)
While in C each character is coded with only one byte for each
character. This could be checked from JAVA by squeezing
the first byte of each character.
I would
To verify a server as trustworthy, you must obtain the server's
certificate, and certificate chain leading up to a trusted CA, or
explicitly trust the server's certificate as presented.
You can avoid the C problem by using Perl or another language which
can speak TLS/SSL, but you cannot avoid
Dear,
I want to set a 12 hex digit to a BIGNUM, how can i do
that?
for example
double ii= 0x0BE07D99DB79;
The instruction wont work? int BN_set_word(BIGNUM *a,
unsigned long w);
Regards,
Kashif
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail
Hello.
I tried to create CSR for update the SSL server.
I used following command:
openssl req -new -key key2006.pem -out csr.pem.
But I can't input State or Province Name Locality Name.
I checked the CSR file using openssl req -noout -text -in
csr.pem.
But I couldn't find State or
Hi,
I used following command:
openssl req -new -key key2006.pem -out csr.pem.
But I can't input State or Province Name Locality Name.
I checked the CSR file using openssl req -noout -text -in
csr.pem.
But I couldn't find State or Province Name Locality Name in this file.
So I can't update SSL
Hi,
As per the standards for tls1.0, ssl3.0 if the
'DistinguishedName certificate_authorities3..2^16-1' field must be
atleast 3 bytes. But tls1.1 says it can be 0 length if not present.
openssl does things the tls1.1 way if there are no distinguished names,
i.e., sends 0 length even for
37 matches
Mail list logo
