(tl;dr : see questions at the end)
I'm trying to build nested CMS structures, as in, having a file F, a signer S
and a recipient R, I want to build a CMS-compliant message M which looks like:
M = SignedData(ECI, SignerInfo(S))
ECI = EncapsulatedContentInfo( EnvelopedData( RecipientInfo(R) )
We have a webserver with an SSL self-signed certificate that uses our company
CA cert in its chain to authenticate along with a user certificate on the
client browser. The Client cert loads and shows issued to server-unc and
the only other chain portion is our Self-Signed CA Cert. This has been
Did you give them the same serial number? Because that will break things.
On Thu, May 1, 2014 at 2:37 PM, foxtrot dsy...@qualbe.com wrote:
We have a webserver with an SSL self-signed certificate that uses our
company
CA cert in its chain to authenticate along with a user certificate on the
Am 30.04.14 16:13, schrieb Viktor Dukhovni:
The function is part of the public API (its name starts with an
upper case X509 not x509 as with internal interfaces), so changing
its semantics would introduce an incompatibility with applications
that rely on the old behaviour.
Well, bug fixes in
Hy!
If I have suspended (crlReason=certificateHold) a certificate in the past an
now want to really revoke it using openssl ca, I get an error message
ERROR:Already revoked, serial number 01. Is there some way to make openssl
automaticalls upgrade the suspension to a revocation with having to
A further related question: Is there some way to remove a suspended
certificate from a CRL without manually editing the index file? Using the -
crl_reason removeFromCRL option on the ca command does not work.
cheers
Mat
On Friday 02. May 2014 14:35:23 you wrote:
Hy!
If I have suspended
We have a webserver with an SSL self-signed certificate that uses our company
CA cert in its chain
I can't parse that -- either it's self-signed (usually only done by root CA's),
or it's using an internal company CA.
Can you post x509 -text for both certs?
/r$
--
Principal
Here are the text outputs of the certs:
1) app server cert (not the new server)
Data:
Version: 3 (0x2)
Serial Number: 242 (0xf2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Texas, O=QBI, OU=Information Technology, CN=QB Root
CA
Validity
no. I posted the text versions of our CA and both certs.
--
View this message in context:
http://openssl.6102.n7.nabble.com/whichever-certificate-loading-first-wins-tp49869p49896.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
Nothing jumps out at me, sorry. Hopefully others will find something.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
__
OpenSSL Project
Hello,
I recommend you have a look at here, where I compiled 1.0.0a.
http://delaage.pierre.free.fr/
There is a lot of compilation issues to compile for WCE.
I am NOT using VC compiler, but a free compiler for WCE from MS, called EVC.
Basically, compilations options are very similar to ones for
I would like to create a TCP client/server scenario:
- a simple C server on a VPS
- a simple C client on another device
And I would like to secure the TCP connection between them. GnuTLS
seems to be a good choice (they also propose some client/server
samples).
My web hosting provider gave me a SSL
On Thu, May 01, 2014 at 02:37:59PM -0700, foxtrot wrote:
However, we are unable to get
both certificates to work at the same time. If we load one of them first it
works but the other will not load (fails). We can't seem to understand why
whichever SSL is the 2nd to be read fails. Thoughts?
I open my browser on my client windows workstation. I open the URL to
webserver1 and the certificate on that server shows a green lock, no
warnings...allows me access. I open a 2nd browser tab with the URL of
webserver2 and I get an SSL Error and cannot get there...not even a
warning...just
Hello,
in the request tracker under item #843 there are patches for 0.9.7c
(created and tested on Fujitsu BS2000) and 0.9.7j (updated by Jeremy
Grieshop for z/OS).
Because i saw no actions to incorporate the patches into the official
sources in the last ten years i saved afterwards the work to
Maybe I'm missing something, but:
- The app server cert is not signed by the CA cert, so there's no point in
sending the CA cert as part of the chain for that server.
- The app server cert isn't self-signed, either (contrary to what the original
message claimed).
- The new cert is an X.509v1
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of foxtrot
Sent: Friday, 02 May, 2014 11:47
I open my browser on my client windows workstation. I open the URL to
webserver1 and the certificate on that server shows a green lock, no
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of Frederic Nivor
Sent: Friday, 02 May, 2014 11:18
To: openssl-users@openssl.org
Subject: OpenSSL / GnuTLS / Certificate Installation HowTo
I would like to create a TCP client/server scenario:
- a
18 matches
Mail list logo