Re: pkvtool usage

2006-07-19 Thread Dave Pawson
On 18/07/06, Dr. Stephen Henson [EMAIL PROTECTED] wrote: On Tue, Jul 18, 2006, Dave Pawson wrote: Objective: To generate a certificate and private key for use by MS IIS server. We need this certificate to be loaded into an IIS certificate store. Produces an output, x.pvk. This isn't

Certificate signing with etoken / pkcs11_engine / opensc

2006-07-19 Thread philippe . lal
Hi, I have the following environment: - openssl 9.8.a - openct/opensc/pkcs11_engine - etoken USB Pro 64 - Fedora Core 5 My target is to set up a small PKI using openssl ca and to use the etoken to host the root private key. So I have initialized the token: $ opensc-tool --list-reader Readers

Re: Certificate signing with etoken / pkcs11_engine / opensc

2006-07-19 Thread philippe . lal
The command was wrong. Here is the good one: OpenSSL ca -engine pkcs11 -keyfile id_45 -keyform engine -in req.pem -out cert.pem -config tools/conf/openssl.cnf By Philippe. Quoting [EMAIL PROTECTED]: Hi, I have the following environment: - openssl 9.8.a - openct/opensc/pkcs11_engine -

Issue with FIPS PRNG in multi-threaded program under Linux

2006-07-19 Thread Dmitriy Khodos
Hello. There appears to be an issue with the FIPS-approved version of PRNG. Specifically, fips_rand_bytes(), which is the RAND_bytes() for the FIPS rand method, checks whether the key pid and the seed pid (both are static variables set by FIPS_set_prng_key() and FIPS_rand_seed() respectively)

configuration file

2006-07-19 Thread Dave Pawson
I have
[ ca ]
default_ca = exampleca
[ exampleca ]
dir = /temp/ca
certificate = $dir/private/cacert.pem
database = $dir/index.txt
new_certs_dir = $dir/certs
private_key = $dir/private/ca1key.pem
serial = $dir/serial
default_crl_days = 7
default_days

Re: Issue with FIPS PRNG in multi-threaded program under Linux

2006-07-19 Thread Darryl Miles
Dmitriy Khodos wrote: The function fails if the PID does not match. However, since PID is obtained by calling getpid(2), under Linux it is going to be different in different threads. It depends which version of Linux you are running and which thread implementation you have at runtime. The

RE: Issue with FIPS PRNG in multi-threaded program under Linux

2006-07-19 Thread Dmitriy Khodos
Agreed. However, the code in fips-1.0/rand/fips_rand.c does call getpid(2), and our application does have to run on Linux 2.4.20. Also, my understanding is that one cannot change the FIPS module code without violating the validation. Does this mean that the current FIPS module implementation is

AW: configuration file

2006-07-19 Thread Basel Katt
Hi, In fact I had the same problem, where the validity duration should be 365 days according to the config file, but it is actually one month. I couldn't figure out what the problem is, but I used the command line, as you mentioned, to get the one year. Any explanation for this case will be