Hi All
I just subscribed to this list.
I have some familiarity with openssl having used it to generate self
signed keys for testing secured web applications (on Apache 2.2),
prior to deployment, at which time my colleagues would buy a server
certificate from one of the usual CAs, such as
On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote:
On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers r.ted.by...@gmail.com wrote:
Hi All
Hi, Ted. I, too, have been looking for something like you have. I am
in the process of creating a Perl program that may be able to help
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel
florian.ruec...@ruhr-uni-bochum.de wrote:
On 26.07.2012 12:57, Tom Browder wrote:
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni)
mmolt...@cisco.com wrote:
Hi,
there are two open source CA systems I am aware of, although I haven't
they get me. Thanks
Ted
On Jul 25, 2012, at 19:49 , Ted Byers wrote:
Hi All
I just subscribed to this list.
I have some familiarity with openssl having used it to generate self
signed keys for testing secured web applications (on Apache 2.2),
prior to deployment, at which time my
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of yyy
Sent: July-29-12 10:09 AM
To: openssl-users@openssl.org
Subject: Re: client server management of client SSL certificates
On 2012.07.29. 8:52, Sanford Staab wrote:
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Jason Goldberg
Sent: July-29-12 9:43 AM
To: openssl-users@openssl.org
Subject: Re: client server management of client SSL certificates
Thanks Jason,
There are Javascript libraries which range from
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
us...@openssl.org] On Behalf Of yyy
Sent: July-29-12 11:18 AM
To: openssl-users@openssl.org
Subject: Re: client server management of client SSL certificates
On 2012.07.29. 17:49, Ted Byers wrote
On Tue, Sep 11, 2012 at 12:36 PM, John A. Wallace jw72...@verizon.netwrote:
**
I am trying to figure out whether there is any point in using openssl on
a home LAN between two computers. Would that improve on security in any
way? Would I be limited in the types of OS connections? I mean,
On Wed, Oct 31, 2012 at 12:31 PM, Indtiny s indt...@gmail.com wrote:
Hi,
Thanks for the suggestion , while browsing about openssl I came across this
site http://www.rtfm.com/openssl-examples/
which has code for server which is based on the openssl .
Can I use that server code for my
On Thu, Nov 1, 2012 at 1:47 PM, Indtiny s indt...@gmail.com wrote:
Hi,
Thanks for the information , actually I need to write simple webserver for
the android (in the ndk level for some requirement) .
I have added some new CIPHER suite to the openssl as per our requirement .
now I need to
On Wed, Nov 7, 2012 at 9:20 AM, Graham Leggett minf...@sharp.fm wrote:
What I'm after is the difference between the given date and now so that I can
construct a max-age value for Cache-Control. At this stage, there doesn't
seem to be a way to do this in openssl.
Regards,
Graham
--
Why
On Tue, Nov 13, 2012 at 2:02 PM, Lee Fisher blib...@gmail.com wrote:
For things that the peer support forum and the existing documentation
don't cover, you have the source code, which is definitive.
Additionally, there are professional OpenSSL consultants you can use for
help.
It would be
On Tue, Nov 13, 2012 at 3:18 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
I am not criticising the documentation for openssl, and will not; but
I
would encourage those who are responsible for maintaining and
improving
openssl to not neglect the documentation. It would be
On Tue, Nov 13, 2012 at 4:38 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Nonsense. No-one knows better how the code ought to be working than
the
folk who developed it. I begin with the assumption that all my
coders are
i'd cite the cathedral and the bazaar ...or the 'many
On Mon, Nov 19, 2012 at 9:45 AM, John Zavgren j...@zavgren.com wrote:
Thomas:
You make very good suggestions. Of them all (aside from the use of tact in
approaching the developers :-) ), I think that easy-to-follow code examples
would improve the openSSL experience more than anything else you
The simpler variant of this question, vis how to tell openssl where
the configuration file is, is a FAQ, and I have seen it countless
times over the past few years, as a result of my searches using
Google. However, my present situation is a bit different.
I am developing perl programs that must
On Wed, Nov 28, 2012 at 3:54 PM, Wim Lewis w...@omnigroup.com wrote:
On 28 Nov 2012, at 12:31 PM, Ted Byers wrote:
Is it possible to tell openssl where the configuration file is, e.g.
by setting an environment variable, without passing a commandline
argument?
If I remember correctly, you
Please consider the following output:
C:\Workopenssl s_client -connect secure.theserver.com:443
Loading 'screen' into random state - done
CONNECTED(00F0)
write:errno=10054
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord...@openssl.org
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
t
in creating such a system)?
I am hoping someone out there can provide info that would spare me
further God knows how many weeks or months of frustratingly fruitless
searching using Google.
Thanks.
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D
I am afraid I have not found adequate documentation that I can use to
guide me in editing the contents of openssl.cnf. The comments within
the file do not tell me enough about good values to use for the
different options that are available.
Here are my objectives:
1) A single certificate
There is greater need for precision in what is desired. Doing a
base64 encoding and storing encrypted data are two entirely different
matters, required sometimes in quite different circumstances. I
generally do not bother with encoding as that is not normally needed
in what I do, but a 30 second
Hi Jakob
On Fri, May 24, 2013 at 11:57 AM, Jakob Bohm jb-open...@wisemo.com wrote:
On 5/24/2013 9:47 AM, keshava jm wrote:
[snip]
The intended and proper way to do things is:
1. The CA creates its own private key, which is kept in a very secure
place (like a computer with no network
I installed the 64 bit Opensuse 12.3 (with KDE) on a small, entry
level server. Things generally went flawlessly, with one minor
annoyance.
I get a 'Notification' every few minutes that says, Authorization
failed on one line, and Failed to obtain authentication on the
next. It gives me only the
I obtained a NAS, with a view toward running MySQL on a sever running
MS Small Business Server 2003 (yes, I know, it is old, but I don't
have authority to upgrade it or wipe it and install Linux on it).
Anyway, the latest version of MySQL will not run on that machine.
Therefore, I intend to run
I issued the following command (with my own name in place of privkey)
openssl genrsa -out privkey.pem 2048
I then made the csr using
openssl req -new -key privkey.pem -out cert.csr
That is simple enough. But, I need a .key file to deploy on the
server beside the crt files.
If I understand
I found a Linux FAQ dealing with this subject, but it is very dated
(11.5 years old) and I do not know how much has changed since it was
last updated. While I am a programmer, I am looking only to use
openssl to make the certificates and keys I need, and not to create
new programs using openssl
I have been working through the tutorial at
http://pki-tutorial.readthedocs.org/en/latest/
There are a number of things that aren't clear.
1) Am I right in assuming that the various commands in that tutorial
can be performed as an ordinary user in a working directory in that
user's home
I found the following using Google.
===begin quote===
IETF PKIX (latest version RFC 5280) is a well accepted profile for
certificates. From section 4.1.2.4, the following fields must be
supported (I've added between parenthesis is the OpenSSL long and
optional short name):
country
I have been working through a tutorial that talks about the use of
openssl, creating root, intermediate, and signing CAs. While the
front page mentions RAs, it says nothing about how they fit, as one is
creating CAs, and crts. The only thing that it says is that an RA may
be the same as a CA.
introducing other risks? If so, how?
Also, could the security keys we bought have been compromised?
Any advice on how I can protect my servers better would be appreciated.
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
On Mon, Apr 7, 2014 at 4:31 PM, OpenSSL open...@openssl.org wrote
get the heartbeating message on both unpatched and patched servers.
Should that make me worry about the patched machines?
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
On Wed, Apr 9, 2014 at 9:54 AM, Salz, Rich rs...@akamai.com wrote:
Ø How do I determine whether or not the web servers I run
Thanks Patrick.
Apache lounge already has a patched release released. So, once I deploy
that, and get my certificates reissued, I ought to be OK.
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
On Wed, Apr 9, 2014 at 8:37 AM, Eisenacher, Patrick
patrick.eisenac...@bdr.de wrote:
Hi Ted
such an API, for any of the big 5 in Canada).
Cheers
Ted
Cheers
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl
On Fri, Apr 11, 2014 at 2:20 PM, Ted Byers r.ted.by...@gmail.com wrote:
Have you checked out Google and Amazon's payment services? I have
heard they exist, but haven't checked them out for cost (I may do so,
and soon, as the Canadian bank's support for ecommerce leaves
everything
Thanks Jeff,
On Fri, Apr 11, 2014 at 4:54 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Fri, Apr 11, 2014 at 2:20 PM, Ted Byers r.ted.by...@gmail.com wrote:
On Fri, Apr 11, 2014 at 1:23 PM, Steve Marquess
marqu...@opensslfoundation.com wrote:
...
Have you checked out Google and Amazon's
On Fri, Apr 11, 2014 at 6:50 PM, Geoffrey Coram gjco...@gmail.com wrote:
On 04/11/2014 14:46, Ted Byers r.ted.by...@gmail.com wrote:
And guess what I just found. ;-) Amazon has special discounts for
icropayments and nonproft organizations. I do not know if you're a
501(c)3 non-profit
to
use them, if in fact using them would be useful (I started working
with Wireshark this past Friday).
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
__
OpenSSL Project http://www.openssl.org
User
on port 8443 (or
between my workstation and a specific ip address), as well as to let
me see the data in plain text rather than hex?
Thanks
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
__
OpenSSL Project
for that purpose. From my
perspective, that is not a big problem. Rather, it is just one of
countless things I routinely have to deal with: just the cost of
getting things done.
Cheers
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D
to watch how
the library evolves over the next decade.
Cheers
Ted
--
R.E.(Ted) Byers, Ph.D.,Ed.D.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
41 matches
Mail list logo