On Sat, Mar 16, 2013 at 12:06:07AM -0400, Ewen Chan wrote:
That's MUCH faster than I expect it to be (even with AES-NI) and the
888 MB/s is faster than any available storage host-bus interface we've
got right now; so I want to make sure that I am not losing my marbles
here in trying to make
On Sat, Mar 16, 2013 at 01:16:23AM -0400, Ewen Chan wrote:
Okay then, here's another one of my infamous dumb questions.
If that's the case, then why do we need the AES-NI instruction set?
It's far from the first accelerated instruction set of dubious utility. ;)
Marketing... etc.
Actually,
On Wed, Mar 13, 2013 at 04:00:48PM -0400, Ewen Chan wrote:
I'm running on a 30 TB server with about 1.4 million files.
I think that at last audit, the single largest file is 45 GB (as an example).
And I'm prepping to run AES-256-CBC.
The host system has a SATA 6 Gbps, 10 drive, RAID5
The Certification Request has a signature field generated by running the RSA
sign operation against the fields in the request. This signature is used to
perform an RSA verify using the public key in the request. The signature must
be valid for most CAs to accept the request. The cryptographic
Use the dumpasn1 utility on it, it's in almost every Linux distro, or from its
website:
http://www.cs.auckland.ac.nz/~pgut001/dumpasn1.c
Matthew.
On Wed, Feb 20, 2013 at 07:54:00PM +, Santhosh Kokala wrote:
Hi All,
I am unable to identify the certificate format that I received during
On Wed, Feb 20, 2013 at 06:51:12PM -0500, Dave Thompson wrote:
Or openssl asn1parse, likely available to anyone asking here
even on non-Linux; with -inform der if applicable which it is
here (easily determinable with any kind of octal or hex dump
or a good guess for anything that doesn't
On Mon, Feb 18, 2013 at 10:57:14AM -0800, Joel Bion wrote:
3372:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:.\ssl\s23_lib.c:177:
I think this is the important thing to check:
error:[error code]:[library name]:[function name]:[reason string]
error:140790E5:SSL
Hi Erwann,
On Thu, Feb 14, 2013 at 11:09:23AM +0100, Erwann Abalea wrote:
RFC5280 was not written by the CAs themselves.
Some of them are listed in the authorship; they also reference 5280 and other
PKI RFCs in their standards they created as part of the CAB Forum and the
Webtrust auditing
On Thu, Feb 14, 2013 at 05:37:00AM +, Viktor Dukhovni wrote:
On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote:
A more complete example:
$ cat openssl.cnf
[ req ]
distinguished_name = dn
req_extensions = san
[ dn ]
[ san ]
subjectAltName
On Thu, Feb 14, 2013 at 11:55:59AM -0800, Matthew Hall wrote:
I used this configuration file:
[req]
default_bits = 4096
prompt = no
encrypt_key= no
default_md = sha256
distinguished_name = dn
req_extensions = san
[dn]
[san]
subjectAltName
On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote:
Hello,
can someone, please tell me, how to generate a certificate
that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739)
Thanks,
Walter
Hi Walter,
We could help better if we understood what's not working for you and
is supported at all, and if it is supported, how I should be
invoking the command to get the expected behavior. If it's documented already,
and I missed it, I apologize in advance.
Thanks,
Matthew Hall
command:
openssl req \
-new -config test-no-cn.cnf -newkey rsa:4096 -nodes \
-outform der -out
I am sure at least some would sign it because RFC 5280 PKIX standard was
written by the CAs themselves and they are the ones deprecating CN in favor of
SAN.
--
Sent from my mobile device.
Viktor Dukhovni openssl-us...@dukhovni.org wrote:
On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor
On Thu, 21 Nov 2002, mikecross wrote:
Seems to me that you problem is that you didn't supply
password.
PKCS12 format stores Private + Public key pair
encrypted with password.
Why would I want to store all this in a pcks12 file that
I want to give to clients/other people to import into
their
I'm trying to find out how to take my ca.crt file (signed
by my own CA self) and convert it to pkcs12 format for importation
into Mozilla, so that Mozilla will recognize anything else signed
by me as 'OK'.
Converting it to DER format was easy:
openssl x509 -in ca.crt -out ca.der -outform DER
15 matches
Mail list logo