Certs without subject commonName?

2013-02-13 Thread Felipe Gasper
I read somewhere that subject commonName is now deprecated in favor of subjectAltName. Are there certs out there in the wild with no subject CN, only SAN? -FG -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.

problem with private extension definitions via oid_section

2013-02-13 Thread Eisenacher, Patrick
I'm troubled by what seems to be a weird problem with private oid definitions in ca.conf. Issuing a certificate works perfectly with the attached ca.conf file, as long as I specify the private extension via its OID in the [ my_ext ] section. When I replace the OID line with the commented out

Re: [openssl-users] problem with private extension definitions via oid_section

2013-02-13 Thread Erwann Abalea
oid_section = new_oids must be in the top level, not in [ca], [myca], or whatever. Just move that declaration to the top. ICAO has only defined document types 'P' and 'ID', hasn't it? -- Erwann ABALEA Le 13/02/2013 16:46, Eisenacher, Patrick a écrit : I'm troubled by what seems to be a weird

RE: [openssl-users] problem with private extension definitions via oid_section

2013-02-13 Thread Eisenacher, Patrick
Hi Erwann, -Original Message- From: Erwann Abalea oid_section = new_oids must be in the top level, not in [ca], [myca], or whatever. Just move that declaration to the top. Thank you. This works like a charm. Patrick Eisenacher

config --with-fipslibdir set

2013-02-13 Thread Santhosh Kokala
Hi, I am trying to compile FIPS capable openssl and I am using --with-fipslibdir switch which points to fipscanister.o. When I do this I see compilation errors Compiling FIPS Object Module: ./config --install_prefix=/home/test_user/fips make make install Compiling Openssl ./config

Re: config --with-fipslibdir set

2013-02-13 Thread Dr. Stephen Henson
On Wed, Feb 13, 2013, Santhosh Kokala wrote: Hi, I am trying to compile FIPS capable openssl and I am using --with-fipslibdir switch which points to fipscanister.o. When I do this I see compilation errors ./config fips --with-fipslibdir=/home/test_user/fips/usr/local/ssl/fips-2.0/lib/

RE: config --with-fipslibdir set

2013-02-13 Thread Santhosh Kokala
Thanks it worked. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Wednesday, February 13, 2013 2:53 PM To: openssl-users@openssl.org Subject: Re: config --with-fipslibdir set On Wed, Feb 13, 2013,

ecdsatest fails on Openssl 1.0.1c

2013-02-13 Thread Santhosh Kokala
Hi, I am compiling FIPS capable Openssl using FIPS object module openssl-fips-2.0.2 and openssl-1.0.1c. After building FIPS object module and Openssl, when I run make test inside openssl directory ecdsatest fails. Can someone please let me know how to fix this issue? My configure command

Building FIPS module on sparc 64bit

2013-02-13 Thread Zeke Evans
Hi, Building the FIPS module on sparc 64-bit is generating a 32-bit binary. The following message is in the output: WARNING! If you wish to build 64-bit library, then you have to invoke './Configure solaris64-sparcv9-cc' *manually*. My understanding is that building with that

RE: ecdsatest fails on Openssl 1.0.1c

2013-02-13 Thread Santhosh Kokala
I did further debugging and I found out that -d switch is causing the failure. ./config fips -d make depend make make test This will cause the ecdsatest to fail. From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Santhosh Kokala Sent: Wednesday, February

Creating certification requests with no CN and SAN only

2013-02-13 Thread Matthew Hall
Hello, I tried to figure out how to create a certification request which has an empty CN and only uses SANs, in line with the recommendations of the latest PKIX RFC 5280. I tried various permutations of commenting out distinguished_name, adding a CA section referencing a policy with

Re: Creating certification requests with no CN and SAN only

2013-02-13 Thread Viktor Dukhovni
On Wed, Feb 13, 2013 at 07:46:10PM -0800, Matthew Hall wrote: Hello, I tried to figure out how to create a certification request which has an empty CN and only uses SANs, in line with the recommendations of the latest PKIX RFC 5280. I tried various permutations of commenting out

Re: Creating certification requests with no CN and SAN only

2013-02-13 Thread Viktor Dukhovni
On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor Dukhovni wrote: You'll naturally need to add the requisite subjectAltName extensions. A more complete example: $ cat openssl.cnf [ req ] distinguished_name = dn req_extensions = san [ dn ] [ san ] subjectAltName

Re: Creating certification requests with no CN and SAN only

2013-02-13 Thread Matthew Hall
I am sure at least some would sign it because RFC 5280 PKIX standard was written by the CAs themselves and they are the ones deprecating CN in favor of SAN. -- Sent from my mobile device. Viktor Dukhovni openssl-us...@dukhovni.org wrote: On Thu, Feb 14, 2013 at 04:11:33AM +, Viktor