Certificate chain issue

2013-06-04 Thread Leon Brits
Hi all, I have just created a new CA which has the extension to allow client authentication. My previous CA worked fine without this extension but some client application now requires that I set it. So I've created a new client key pair and signed it with the new CA, but when I use openssl

Re: [openssl-users] Certificate chain issue

2013-06-04 Thread Erwann Abalea
Try these: - split the certificates from your CA/cecert.pem into individual files with correct hashes - run strace -eopen openssl verify -CApath yourcacertsdirectory client.cert -- Erwann ABALEA On 04/06/2013 09:02, Leon Brits wrote: Hi all, I have just created a new CA which has the

PKCS#1 key vs PKCS#8...

2013-06-04 Thread sanjaya joshi
Hello, I am using strongswan(v_4.5.3) for ipsec, that uses my X509 certificate and RSA private key. If I use RSA private key(un-encrypted) that is PKCS#8 encoded, then strongswan is not able to load the key. But it works, if I use a traditional PKCS#1 encoded RSA key. Could anyone explain,

Re: Callback access to X509_STORE_CTX->untrusted?

2013-06-04 Thread Viktor Dukhovni
On Mon, Jun 03, 2013 at 11:32:31PM +, Viktor Dukhovni wrote: I want to use SSL_CTX_set_cert_verify_callback() to customize how certificate verification is performed. I need to be able to selectively add/remove from the set of untrusted additional certificates in X509_STORE_CTX.

Re: Callback access to X509_STORE_CTX->untrusted?

2013-06-04 Thread Dr. Stephen Henson
On Tue, Jun 04, 2013, Viktor Dukhovni wrote: On Mon, Jun 03, 2013 at 11:32:31PM +, Viktor Dukhovni wrote: I want to use SSL_CTX_set_cert_verify_callback() to customize how certificate verification is performed. I need to be able to selectively add/remove from the set of untrusted

Re: Callback access to X509_STORE_CTX->untrusted?

2013-06-04 Thread Viktor Dukhovni
On Tue, Jun 04, 2013 at 04:38:42PM +0200, Dr. Stephen Henson wrote: Note, to implement DANE, I am using 1.0.0 or later only. So if with 1.x.y there is a reasonable expectation that libcrypto versions with the same SONAME don't vary in the offset of the untrusted member in X509_STORE_CTX,

SSL/TLS protocol versions and their supported cipher suites

2013-06-04 Thread no_spam_98
I'm a little confused about which cipher suites are supported by which SSL/TLS protocol versions. I'm using Appendix C of the TLS 1.0, 1.1, and 1.2 RFCs, respectively, as a starting point for which cipher suites are supported in which version of the protocol, but I'm not sure how to parse the

Re: SSL/TLS protocol versions and their supported cipher suites

2013-06-04 Thread no_spam_98
Ahhh, it looks like Appendix A.5 answers my questions more easily than Appendix C. I believe these are the answers: In fact, TLS 1.1 does prohibit the use of the export cipher suites in TLS 1.0. So there are effectively a few (9 by my count) cipher suites that are supported in TLS 1.0 that are

Conversion of pkcs8 to pkcs1 key...

2013-06-04 Thread sanjaya joshi
Hello, Could anyone let me know which is the suitable openssl command to convert PKCS#8 key to traditional PKCS#1 key in openssl_1.0.0? I used the below command, and it works in openssl_1.0.0:- openssl rsa -in pkcs8.pem -out pkcs1.pem But if I use the below command, it doesn't work in

Change in behavior of api PEM_write_PrivateKey() between 0.9.8 and 1.0.0

2013-06-04 Thread sanjaya joshi
Hello, I have a few queries wrt the RSA private key generation and writing using openssl. Could anybody please clarify. (1). Has the behavior of api PEM_write_PrivateKey() been changed between openssl 0.9.8 and 1.0.0 ? (2). The above api uses PKCS#8 encoding (while writing) by default in