Hello openssl-users,
this issue seems to treat openssl-dev subscription, but i wouldn't
bother them with possibly stupid discussion.
so, i'd like you to disscuss (or say why not): is it possible to use
PGP within opensssl(OpenPGP) and how, if it is?
As you may now, TLSv1
Dr S N Henson wrote:
Brandon Amundson wrote:
I am trying to sign a server cert from IIS 5.0 with my CA (openssl) that
runs on my linux webserver.
I have successfully signed the cert and move it back into IIS but when I go
to access the site, the certificate dialog
box pops up
Hi,
I'am trying to authenticate clients connecting to my server.
[06/Mar/2002 18:45:19 25124] [info] Connection to child 3 established
(server hub-1.trema.com:443, client 66.54.34.7)
[06/Mar/2002 18:45:19 25124] [info] Seeding PRNG with 512 bytes of
entropy
[06/Mar/2002 18:45:19 25124]
Hi!
I' m experiencing
difficulties while trying to sign a certificate request (openssl ca -keyfile
./private/caKey.pem -in ./private/gatewayReq.pem -out gatewayCert.pem -outdir
./certs). The error message is: wrong number of fields on line 2 (looking for
field 6, got 1, '' left)
Who can
Maybe what he's after is compartmented security or mandatory access
controls on
the single host.
It would be an OS level thing to approach an orange book B level. If
he's using
Linux then a place to start would be:
http://www.nsa.gov/selinux/index.html
-Lance Nehring
New Particles
Maybe what he's after is compartmented security or mandatory access controls on
the single host.
It would be an OS level thing to approach an orange book B level. If he's using
Linux then a place to start would be:
http://www.nsa.gov/selinux/index.html
-Lance Nehring
New Particles
hi,
your problem is in the index.txt file (located in your CA-directory). The individual
entries in each line of that file must absolutely be separated by TABs, not by spaces!
Your index.txt probably got messed up, meaning that the tabs were converted to
spaces (maybe you saved it from a text
I tried to do this;
how can you get your CA to appear in the list of acceptable ca names?
The FAQ gives the reason for this and some more info. What it doesn't
say is how to add your CA to the trusted list of IIS. IIRC you can do
this via the certificate import wizard, something like
Hello,
I'm a new user and trying to install and configure OpenSSL for iPlanet 4.1 web
server on solaris 5.7 platform. I did installed the Openssl openssl-0.9.6c and
don't know how to proceed next to get certificate and install.
I appreciate any help.
-Prasanna
As I mentioned previously, I was mistaken in that I had made a SSL Email
cert request from a free-email address. Much to my chagrin, I am now the
technical contact on some SSL Server requests, and I can tell everyone
here, first hand, that it is amazing how thorough you guys are in verifying
Hi everybody,
we have set up our own CA and generated for everybody
user certificates for secure communication. It really works
fine.
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company and
some from a customer should be able to
At 21:41 07.03.2002 +0100, you wrote:
Hi everybody,
we have set up our own CA and generated for everybody
user certificates for secure communication. It really works
fine.
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company and
some
Can someone please help a poor newbie understand exactly what this is
for and how it's used? I've tried looking at the documentation, but I
feel like I'm drowning, probably because I'm trying to understand the
details, but not quite getting the simple stuff,..
Thanks in advance,
Issac
Hi everyone,
Having some trouble with openssl
smime...
Goal: To use openssl to create smime messages so
that I can send encrypted email to people from the command line with aid of
sendmail or something similar.
Problem: I'm getting errors using openssl smime and
I don't know why. Below
Hi,
If this can be done currently, can someone provide some details?
I did look though the list:
http://www.mail-archive.com/openssl-users@openssl.org/
I didn't find an answer there, but have found a draft
at
http://www.openssl.org/docs/HOWTO/certificates.txt
that mentions
Liam Walker wrote:
$ openssl pkcs7 -in LiamWalker.p7b -inform DER -out LiamWalker.pem
-outform PEM
This command is converting a PKCS#7 structure from DER to PEM format...
This generated the appropriate output files so I assume they are ok.
openssl pkcs7 with -print_certs was able to
Brandon Amundson wrote:
I tried to do this;
how can you get your CA to appear in the list of acceptable ca names?
The FAQ gives the reason for this and some more info. What it doesn't
say is how to add your CA to the trusted list of IIS. IIRC you can do
this via the certificate
If this can be done currently, can someone provide some details?
What I presume you want to do is to package some certificates in a
binary PKCS#7 structure, which is what .p7b is. To do this you can call:
openssl crl2pkcs7 -nocrl -certfile cert1.pem -certfile cert2.pem
-certfile cert3.pem
Vadim Fedukovich wrote:
Hello,
would this construct
ASN1_SEQUENCE(SomeTypeDefinition) = {
ASN1_IMP(, someFieldName, ASN1_FBOOLEAN, N)
be fine for someFieldName [N] BOOLEAN DEFAULT FALSE in ASN.1?
Should one use ASN1_IMP_OPT() instead?
You should always use OPT with the
On Thu, 7 Mar 2002, Dr S N Henson wrote:
Vadim Fedukovich wrote:
Hello,
would this construct
ASN1_SEQUENCE(SomeTypeDefinition) = {
ASN1_IMP(, someFieldName, ASN1_FBOOLEAN, N)
be fine for someFieldName [N] BOOLEAN DEFAULT FALSE in ASN.1?
Should one use ASN1_IMP_OPT()
On Thu, 7 Mar 2002, Damian Hesse wrote:
Hi everybody,
we have set up our own CA and generated for everybody
user certificates for secure communication. It really works
fine.
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company
Thank you.
Sorry, I didn't detail the situation well.
The output file can be .pem that's not a problem, the internal format needs
to be pkcs7.
What I was asked to do is take a Linux box with OpenSSL already installed on
it and set it up as a Root or Certificate Authority to supply
GOLDING,CHARLTON (Non-HP-Corvallis,ex1) wrote:
Thank you.
Sorry, I didn't detail the situation well.
The output file can be .pem that's not a problem, the internal format needs
to be pkcs7.
The certificate creation utilities in OpenSSL don't have an option to
package a certificate in
In Makefile.ssl I find the following:
@if [ -n $(SHARED_LIBS) ]; then \
tmp=$(SHARED_LIBS); \
for i in $${tmp:-x}; \
do \
if [ -f $$i ]; then \
( echo installing $$i; \
Hi,
OCSP stands for Online Certificate Status Protocol. This, as the name
suggests specifies a protocol to obtain the Status of a Certificate Online.
There can be many reasons for a certificate to become invalid even before
its actual lifetime for which it was issued. These may be Key
hi,
i have a problem which i would like your help in solving. In my client-server
application the client uses java jsse and server uses openssl. The application needs
both sides to be authenticated. Also it requires that the session be cached as the
client requires multiple connection to
Jörn,
The task: now we want to set up mailinglists (server side)
like [EMAIL PROTECTED] where some users of our company and
some from a customer should be able to write signed and
encryted emails and everybody on the list should be able to
read it.
The question is how should this be
27 matches
Mail list logo