Windows Demo for SSL
Hi, Anyone have windows based SSL Demo program and source code written in C, VB or VC++? I really urgently need it to start my project. I'm really too new to this. Thanks for your help! Lawrence __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Windows Demo for SSL
do a google search for SSL putty lawrence wrote: Hi, Anyone have windows based SSL Demo program and source code written in C, VB or VC++? I really urgently need it to start my project. I'm really too new to this. Thanks for your help! Lawrence __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] -- Bruce One day at a time... One second if that's what it takes __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Life agents...
LIFEQUOTE SAVE UP TO 70% ON LIFE INSURANCE PREMIUMS Protect Your Family In Case Of Death Plan For Your Childs Education Protect Your Estate The LEADING source for Life Insurance Companies! The BEST Agents! And The FRIENDLIEST Staff! CLICK HERE For a FREE Quote! It's QUICK , EASY and COMPLETE If you would like to be removed from any further mailings just click here Remove Me and hit send and you will automatically be removed from any other mailings. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Got a minute? Openssl/Windows 2000 CA interop
Title: Got a minute? Openssl/Windows 2000 CA interop I looked all around the net, and the one document I found http://www.cise.ufl.edu/depot/doc/openssl/openssl.txt (or the openssl.txt) That talks about unsupported subjectAltName tags. So, following those instructions, I've included the cert request, and certnew,cer, the binary encoded certificate. Anyone have suggestions for this here? In text format, here's the problem I'm getting. I'm generating a certificate request using openssl with a subjectAltName. I'm doing it as follows: subjectAltName = FQDN for ipsec ID subjectAltName_min = 7 subjectAltName_max = 256 subjectAltName_default = dnsName:fqdn.of.the.server This lets me enter in the DNS name of the server for use with FreeS/WAN ipsec (www.freeswan.org) with x509 certificates (http://www.strongsec.com/freeswan/, and specifically http://www.strongsec.com/freeswan/install.htm#section_7.2) My organization is big on Microsoft... so I'm attempting to use the M$ certificate services to issue the certs. So, I send the request below, which contains the correct subjectAltName extension: Attributes: X509v3 Subject Alternative Name:dnsName:van-test-firewall.van.voyus.com (Incidentally, I also tried using DNS:van-test-firewall.van.voyus.com, which got the same results. AFAICT, DNS: is an alias for dnsName:, so I tried that instead on this round). Then, I get the cert request approved using the windows 2000 ca, and it comes back like this: X509v3 Subject Alternative Name: othername:unsupported Now... I'm greatly familiar with interoperability problems using M$ products, but, I was curious if anyone knew of anything I can do to make this work. I'm also going to contact MS about this one... I can find no information about this on their support site of course. I'm using openssl-0.96a. Thanks in advance! Liam localhost.localdomain-certrequest-ntformat-19-11-01.cer Description: Binary data certnew.cer Description: Binary data
Questions - new compilation of mod_ssl-2.8.5
Evening, Im new to the list. I have an openssl quesion pointed to mod_ssl. I have compiled as stated by the INSTALL Doc in the mod_perl-2.8.5 /src tree. Everything seems to compile fine with no errors at all. When I issue /usr/local/apache/bin/apachectl startssl apache starts up and here is the connection status: [root@mail1 bin]# ./apachectl startssl ./apachectl startssl: httpd started [root@mail1 bin]# ps ax | grep httpd 5057 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5058 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5059 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5060 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5061 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5062 ?S 0:00 /usr/local/apache/bin/httpd -DSSL when I check for port 443 its not starting up for some reason: [root@mail1 bin]# netstat -na | grep 80 tcp0 0 0.0.0.0:80 0.0.0.0:* LISTEN [root@mail1 bin]# netstat -na | grep 443 [root@mail1 bin]# Anyone have and Idea ? Im sure this is a simple solution im just dong something wrong I guess ? Sincerely, ~D __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Questions - new compilation of mod_ssl-2.8.5
It is probably an Apache configuration issue. If there was a problem with your mod_ssl binary, Apache probably wouldn't load. Apache doesn't do SSL automatically. You have to specify it in the configuration. Have you looked at httpd.apache.org for documentation? Keary Suska Esoteritech, Inc. Leveraging Open Source for a better Internet From: Cdowns [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 19 Nov 2001 21:58:03 -0500 To: [EMAIL PROTECTED] Subject: Questions - new compilation of mod_ssl-2.8.5 Evening, Im new to the list. I have an openssl quesion pointed to mod_ssl. I have compiled as stated by the INSTALL Doc in the mod_perl-2.8.5 /src tree. Everything seems to compile fine with no errors at all. When I issue /usr/local/apache/bin/apachectl startssl apache starts up and here is the connection status: [root@mail1 bin]# ./apachectl startssl ./apachectl startssl: httpd started [root@mail1 bin]# ps ax | grep httpd 5057 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5058 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5059 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5060 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5061 ?S 0:00 /usr/local/apache/bin/httpd -DSSL 5062 ?S 0:00 /usr/local/apache/bin/httpd -DSSL when I check for port 443 its not starting up for some reason: [root@mail1 bin]# netstat -na | grep 80 tcp0 0 0.0.0.0:80 0.0.0.0:* LISTEN [root@mail1 bin]# netstat -na | grep 443 [root@mail1 bin]# Anyone have and Idea ? Im sure this is a simple solution im just dong something wrong I guess ? Sincerely, ~D __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Importing Self Signed Cert in Oracle 8i
Hi, trying to import self signed cert in Oracle 8i but it is not accepting it. Error msg given is Not a trusted certificate. But it accepted the versign root certificate. So wat could be the problem? thanx, vish. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Importing Self Signed Cert in Oracle 8i
But the self signed certificate that has been generated contains the following X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA which means that it is a CA certificate. So what else could be the problem. Franck Martin wrote: My guess, is a self signed certificate is not a CA certificate. In your openssl.cnf file you should se an option like CA=true, which is used only to sign CA certificate. Cheers. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: viswanath [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 20 November 2001 4:43 To: openssl users Subject: Importing Self Signed Cert in Oracle 8i Hi, trying to import self signed cert in Oracle 8i but it is not accepting it. Error msg given is Not a trusted certificate. But it accepted the versign root certificate. So wat could be the problem? thanx, vish. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Importing Self Signed Cert in Oracle 8i
On Tuesday 20 November 2001 00:20, viswanath wrote: But the self signed certificate that has been generated contains the following X509v3 Basic Constraints: CA:TRUE X509v3 Key Usage: Certificate Sign, CRL Sign Netscape Cert Type: SSL CA, S/MIME CA, Object Signing CA which means that it is a CA certificate. So what else could be the problem. Can you give us a side-by-side of the differences between the CA cert that was imported OK and the CA cert you can't get imported? Logic (or a first-order approximation thereof) tells me that's where you should find your answer ... though of course it could be something like the way the strings are encoded rather than the nature of the attributes. Perhaps openssl asn1parse -i the two and take a look at what kind of differences you find? Cheers, Geoff __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Importing Self Signed Cert in Oracle 8i
Here are the differences found MY CERT|VERISIGN 1) 1024-bit 1) 512-bit 2) serial no. 02) serial no. 52:a9:f4:24:da:67:4c:9d:af:4f:53:78:52:ab:ef:6e 3) has C,L,ST,O,OU,CN 3) has O,OU,OU only. 4)has the x509 v3 extension 4) does not have any x509 v3 extensions Wat i did was the last differences were removed? but still it did not work The ASN.1 for both the certificates obtained by using openssl asn1parse is given as below But not much differences were found; For verisign certificate: 0:d=0 hl=4 l= 589 cons: SEQUENCE 4:d=1 hl=4 l= 503 cons: SEQUENCE 8:d=2 hl=2 l= 16 prim: INTEGER :52A9F424DA674C9DAF4F537852ABEF6E 26:d=2 hl=2 l= 13 cons: SEQUENCE 28:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 39:d=3 hl=2 l= 0 prim: NULL 41:d=2 hl=3 l= 169 cons: SEQUENCE 44:d=3 hl=2 l= 22 cons: SET 46:d=4 hl=2 l= 20 cons: SEQUENCE 48:d=5 hl=2 l= 3 prim: OBJECT :organizationName 53:d=5 hl=2 l= 13 prim: PRINTABLESTRING :VeriSign, Inc 68:d=3 hl=2 l= 71 cons: SET 70:d=4 hl=2 l= 69 cons: SEQUENCE 72:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 77:d=5 hl=2 l= 62 prim: PRINTABLESTRING :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD. 141:d=3 hl=2 l= 70 cons: SET 143:d=4 hl=2 l= 68 cons: SEQUENCE 145:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 150:d=5 hl=2 l= 61 prim: PRINTABLESTRING :For VeriSign authorized testing only. No assurances (C)VS1997 213:d=2 hl=2 l= 30 cons: SEQUENCE 215:d=3 hl=2 l= 13 prim: UTCTIME :98060700Z 230:d=3 hl=2 l= 13 prim: UTCTIME :060606235959Z 245:d=2 hl=3 l= 169 cons: SEQUENCE 248:d=3 hl=2 l= 22 cons: SET 250:d=4 hl=2 l= 20 cons: SEQUENCE 252:d=5 hl=2 l= 3 prim: OBJECT :organizationName 257:d=5 hl=2 l= 13 prim: PRINTABLESTRING :VeriSign, Inc 272:d=3 hl=2 l= 71 cons: SET 274:d=4 hl=2 l= 69 cons: SEQUENCE 276:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 281:d=5 hl=2 l= 62 prim: PRINTABLESTRING :www.verisign.com/repository/TestCPS Incorp. By Ref. Liab. LTD. 345:d=3 hl=2 l= 70 cons: SET 347:d=4 hl=2 l= 68 cons: SEQUENCE 349:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 354:d=5 hl=2 l= 61 prim: PRINTABLESTRING :For VeriSign authorized testing only. No assurances (C)VS1997 417:d=2 hl=2 l= 92 cons: SEQUENCE 419:d=3 hl=2 l= 13 cons: SEQUENCE 421:d=4 hl=2 l= 9 prim: OBJECT :rsaEncryption 432:d=4 hl=2 l= 0 prim: NULL 434:d=3 hl=2 l= 75 prim: BIT STRING 511:d=1 hl=2 l= 13 cons: SEQUENCE 513:d=2 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 524:d=2 hl=2 l= 0 prim: NULL 526:d=1 hl=2 l= 65 prim: BIT STRING For my certificate: 0:d=0 hl=4 l= 875 cons: SEQUENCE 4:d=1 hl=4 l= 724 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 1 prim: INTEGER :00 16:d=2 hl=2 l= 13 cons: SEQUENCE 18:d=3 hl=2 l= 9 prim: OBJECT :md5WithRSAEncryption 29:d=3 hl=2 l= 0 prim: NULL 31:d=2 hl=3 l= 134 cons: SEQUENCE 34:d=3 hl=2 l= 11 cons: SET 36:d=4 hl=2 l= 9 cons: SEQUENCE 38:d=5 hl=2 l= 3 prim: OBJECT :countryName 43:d=5 hl=2 l= 2 prim: PRINTABLESTRING :IN 47:d=3 hl=2 l= 20 cons: SET 49:d=4 hl=2 l= 18 cons: SEQUENCE 51:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 56:d=5 hl=2 l= 11 prim: PRINTABLESTRING :MAHARASHTRA 69:d=3 hl=2 l= 15 cons: SET 71:d=4 hl=2 l= 13 cons: SEQUENCE 73:d=5 hl=2 l= 3 prim: OBJECT :localityName 78:d=5 hl=2 l= 6 prim: PRINTABLESTRING :MUMBAI 86:d=3 hl=2 l= 12 cons: SET 88:d=4 hl=2 l= 10 cons: SEQUENCE 90:d=5 hl=2 l= 3 prim: OBJECT :organizationName 95:d=5 hl=2 l= 3 prim: PRINTABLESTRING :TCS 100:d=3 hl=2 l= 12 cons: SET 102:d=4 hl=2 l= 10 cons: SEQUENCE 104:d=5 hl=2 l= 3 prim: OBJECT :organizationalUnitName 109:d=5 hl=2 l= 3 prim: PRINTABLESTRING :CSP 114:d=3 hl=2 l= 15 cons: SET 116:d=4 hl=2 l= 13 cons: SEQUENCE 118:d=5 hl=2 l= 3 prim: OBJECT :commonName 123:d=5 hl=2 l= 6 prim: PRINTABLESTRING :KMS CA 131:d=3 hl=2 l= 35 cons: SET 133:d=4 hl=2 l= 33 cons: SEQUENCE 135:d=5 hl=2 l= 9 prim: OBJECT :emailAddress 146:d=5 hl=2 l= 20 prim: IA5STRING :[EMAIL PROTECTED] 168:d=2 hl=2 l= 30 cons: SEQUENCE 170:d=3 hl=2 l= 13 prim: UTCTIME :011109062441Z 185:d=3 hl=2 l= 13 prim: UTCTIME :040805062441Z 200:d=2 hl=3 l= 134 cons: SEQUENCE 203:d=3 hl=2 l= 11 cons: SET 205:d=4 hl=2 l= 9 cons: SEQUENCE 207:d=5 hl=2 l= 3 prim: OBJECT :countryName 212:d=5 hl=2 l= 2 prim: PRINTABLESTRING :IN 216:d=3 hl=2 l= 20 cons: SET 218:d=4 hl=2 l= 18 cons: SEQUENCE 220:d=5 hl=2 l= 3 prim: OBJECT :stateOrProvinceName 225:d=5 hl=2 l= 11 prim: PRINTABLESTRING :MAHARASHTRA 238:d=3 hl=2 l= 15 cons: SET 240:d=4 hl=2 l= 13 cons: SEQUENCE 242:d=5 hl=2 l= 3 prim: OBJECT :localityName 247:d=5 hl=2 l= 6 prim: PRINTABLESTRING :MUMBAI 255:d=3 hl=2 l= 12 cons: SET 257:d=4 hl=2 l= 10 cons: SEQUENCE 259:d=5 hl=2 l= 3 prim: OBJECT :organizationName 264:d=5 hl=2 l= 3 prim: PRINTABLESTRING :TCS 269:d=3 hl=2 l= 12 cons: SET 271:d=4 hl=2 l= 10 cons: SEQUENCE 273:d=5 hl=2 l= 3 prim: OBJECT
S/MIME: Using separate digital and encryption certificates
Hi, I have created separate digital signing and encryption certificates for the purpose of secure E-mail, signed by a self-signed CA. In openssl.cnf the section usr_cert is as follows: [ usr_cert ] # These extensions are added when 'ca' signs a request. basicConstraints=CA:FALSE nsCertType = email keyUsage = digitalSignature subjectKeyIdentifier=hash authorityKeyIdentifier=keyid,issuer:always My problem is: -- I am able to send digitally signed mails with Netscape Communicator and the recipient's mail client (Netscape/ OE) cannot send an encrypted mail using the received digital ID, which is what I want. IN OE however, before sending a digitally signed message, OE complains that I do not have a digital ID. But then it is able to send a digitally signed message. Can anybody point what the problem may be. Is there a way to eliminate this warning? __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Got a minute? Openssl/Windows 2000 CA interop
Title: Got a minute? Openssl/Windows 2000 CA interop Beware MS is less forgiving than the openssl and the file must contain only one --CERTIFICATE-- section with no other text... If need be edit the files. Check my HOWTO on how to sign certificates request issued by key manager. Check your files. Franck MartinNetwork and Database Development OfficerSOPAC South Pacific Applied Geoscience CommissionFijiE-mail: [EMAIL PROTECTED]Web site: http://www.sopac.org/Support FMaps: http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message-From: Liam Helmer - Lists [mailto:[EMAIL PROTECTED]]Sent: Tuesday, 20 November 2001 2:03 To: '[EMAIL PROTECTED]'Subject: Got a minute? Openssl/Windows 2000 CA interop I looked all around the net, and the one document I found http://www.cise.ufl.edu/depot/doc/openssl/openssl.txt (or the openssl.txt) That talks about unsupported subjectAltName tags. So, following those instructions, I've included the cert request, and certnew,cer, the binary encoded certificate. Anyone have suggestions for this here? In text format, here's the problem I'm getting. I'm generating a certificate request using openssl with a subjectAltName. I'm doing it as follows: subjectAltName = FQDN for ipsec ID subjectAltName_min = 7 subjectAltName_max = 256 subjectAltName_default = dnsName:fqdn.of.the.server This lets me enter in the DNS name of the server for use with FreeS/WAN ipsec (www.freeswan.org) with x509 certificates (http://www.strongsec.com/freeswan/, and specifically http://www.strongsec.com/freeswan/install.htm#section_7.2) My organization is big on Microsoft... so I'm attempting to use the M$ certificate services to issue the certs. So, I send the request below, which contains the correct subjectAltName extension: Attributes: X509v3 Subject Alternative Name:dnsName:van-test-firewall.van.voyus.com (Incidentally, I also tried using DNS:van-test-firewall.van.voyus.com, which got the same results. AFAICT, DNS: is an alias for dnsName:, so I tried that instead on this round). Then, I get the cert request approved using the windows 2000 ca, and it comes back like this: X509v3 Subject Alternative Name: othername:unsupported Now... I'm greatly familiar with interoperability problems using M$ products, but, I was curious if anyone knew of anything I can do to make this work. I'm also going to contact MS about this one... I can find no information about this on their support site of course. I'm using openssl-0.96a. Thanks in advance! Liam
RE: Importing Self Signed Cert in Oracle 8i
My guess, is a self signed certificate is not a CA certificate. In your openssl.cnf file you should se an option like CA=true, which is used only to sign CA certificate. Cheers. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. -Original Message- From: viswanath [mailto:[EMAIL PROTECTED]] Sent: Tuesday, 20 November 2001 4:43 To: openssl users Subject: Importing Self Signed Cert in Oracle 8i Hi, trying to import self signed cert in Oracle 8i but it is not accepting it. Error msg given is Not a trusted certificate. But it accepted the versign root certificate. So wat could be the problem? thanx, vish. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
SSL HOWTO
Following my previous draft HOWTO I'm about to submit this HOWTO to the www.linuxdoc.org Any last comments or additions required? You can send especially your contributions for the FIXME parts. Franck Martin Network and Database Development Officer SOPAC South Pacific Applied Geoscience Commission Fiji E-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web site: http://www.sopac.org/ http://www.sopac.org/ Support FMaps: http://fmaps.sourceforge.net/ http://fmaps.sourceforge.net/ This e-mail is intended for its addresses only. Do not forward this e-mail without approval. The views expressed in this e-mail may not be necessarily the views of SOPAC. CA.pdf Description: Binary data