I have a Redhat Linux 6.2 server running Apache with mod-ssl. We were
using SSH and Teraterm for connecting
to the server remotely. Unfortunately that proved to be a security
problem, so we are shopping for a solution. We
would like to carry on with Teraterm since we have a large number of
On Mon, 10 Dec 2001, Bear Giles wrote:
Would this be a hassle if you have a root CA with a lot of intermediate
signers? That means that you have to store/locate all possible intermediate
signers to evaluate a couple of end user certificates.
This is why PKCS12 (iirc) provides a
Hello!
I use this when initializing.
SSL_CTX_use_PrivateKey_file(ssl_ctx, keyfile, SSL_FILETYPE_PEM)
what is the correct way of accessing this keyfile later. I.e. I would
like to say:
skey = ssl_ctx-private_key;
or similar.
/Douglas
-Original Message-
From: Doug Poulin [mailto:[EMAIL PROTECTED]]
Sent: 10 December 2001 22:51
To: [EMAIL PROTECTED]
Subject: Help needed with getting SSL installed
I have a Redhat Linux 6.2 server running Apache with mod-ssl. We were
using SSH and Teraterm for connecting
to the server
Hi evryone,
I have generated my own certificate for testing (I'm just starting to learn
about SSL) in my linux box using CA.pl:
CA.pl -newca
CA.pl -newreq
CA.pl -signreq
CA.pl -pkcs12 Test certificate
Those have been executed inside my Linux box with latest stable version of
openssl... and then
That's me told then, so to authenticate a certificate you need the whole
chain of certs going from the cert to authenticate all the way to a
trusted CA.
The application I am writing is presented with certs to authenicate from an
external source, and the configuration has to hold a pool of
Hi,
I have been trying to figure out what the flags are for this function and
have come up with the following, can someone verify?
int OCSP_basic_verify(OCSP_BASICRESP *bs, // the OCSP response
STACK_OF(X509) *certs, // intermediate signing certs
On Tue, 11 Dec 2001, Tat Sing Kong wrote:
That's me told then, so to authenticate a certificate you need the whole
chain of certs going from the cert to authenticate all the way to a
trusted CA.
It's unlikely just authentication is of any practical use;
authorization is and risk of
On Mon, Dec 10, 2001 at 02:50:46PM -0800, Doug Poulin wrote:
Is this the right way to go? Is anyone working on a SSH2 library for
Teraterm?
Check out putty (http://www.chiark.greenend.org.uk/~sgtatham/putty/).
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL
Hi
I could not convert my key-cert.pem into a pkcs7 format,
even following all the steps in
www.binarytool.com/docs/ssl-cert-HOWTO.html to make my
cert.
After following these steps I wrote in the terminal:
openssl pkcs7 -in key-cert.pem -out key-cert.p7b
The resulting error was:
unable to
Hi,
I want to generate a pkcs10 request with req command line tool but I
don't
know how to specify a particular key usage.
I know I have to work in openssl.cnf line marked 'req_extension'... what
kind of string has to be added in that line?
Thanks for any help.
[EMAIL PROTECTED] wrote:
Hi,
I want to generate a pkcs10 request with req command line tool but I
don't
know how to specify a particular key usage.
I know I have to work in openssl.cnf line marked 'req_extension'... what
kind of string has to be added in that line?
Its req_extensions
Hello all!
First of all, since this problem seems not very difficult... where
is the faq of this list?.
Now, the problem:
merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
newcert.pem -config openssl.cnf -infiles new.pem
Using configuration from
This doesn't help you when presented a naked cert by a stranger[...]
Any parseable certificate presented by a strager is good enough to
use that public key to send email encrypted to *his* private key.
At least if there's no chance for man-in-the-middle.
Not if the cert denies such
Carlos Costa Portela wrote:
merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
newcert.pem -config openssl.cnf -infiles new.pem
Using configuration from openssl.cnf
unable to load CA private key
It really means what it says -- the path to the private directory
is based on the
HI, my set up is as follows:
Apache 1.3.22 with mod_ssl 2.61 OPENSSL 0.9.5
Tomcat 3.3
SOAP 2.2
JSSE 1.0.2
I have a SOAP client that works perfectly with and without SSL when running
the client from Windows 2000 or XP. However when I try to test the client
from 95/98 with SSL I get the
Dear all,
I want to verify a certificate. I used the verify command but I realized
that it does check if the certificate is revoked or not. I used this
command:
openssl verify -CApath /usr/local/ca -CAfile /usr/local/ca/cacert.pem
/usr/local/ca/newcerts/new8.pem
I get the ok answer even if the
On Tue, 11 Dec 2001, Michael Sierchio wrote:
Carlos Costa Portela wrote:
merry:/usr/local/ssl# bin/openssl ca -policy policy_anything -out
newcert.pem -config openssl.cnf -infiles new.pem
Using configuration from openssl.cnf
unable to load CA private key
It really means what it says
18 matches
Mail list logo
