RE: Apache mod-ssl: VirtualHost and certificates

2001-11-30 Thread Amol Natu

Hi Shlomi

You would need to include certificate related directives under the section
defined for each virtual host within the httpd.conf.
e.g:

<VirtualHost server_name:port_number>
Port 'port_number'
ServerName server_name
SSLCertificateFile /location/certificate_file_name
SSLCertificateKeyFile /location/key_file_name
SSLCertificateChainFile /location/certchain_file_name
SSLCipherSuite
...
..
</VirtualHost>


Regards
Amol

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Shlomi
Sent: Friday, November 30, 2001 2:00 AM
To: [EMAIL PROTECTED]
Subject: Apache mod-ssl: VirtualHost and certificates


Hi all,

Does anyone know if there is a way to use a certificate for each domain on a
server which is configured to use VirtualHost (a single IP for all of the
domains)?

I am trying to configure Apache (mod-ssl) to use a certificate for each
VirtualHost but without success.

Each VirtualHost needs a private key and a certificate, but the browser
receives the main certificate for all of the domains.
How can I set it to send the relevant certificate for each domain ?


Thank you in advance,

Shlomi.


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]




Re: OpenSSL on PalmOS

2001-11-30 Thread ET Tan

A few months back, I had something similar in mind. But what I needed was just
to have RSA and a few symmetric ciphers on Palm. Well.. I didn't know of the
SSLeay port for Palm at that time so I modified OpenSSL's crypto lib a
little. Anyway, my project is scrapped now as the RSA private operations are
just too slow on Palm's tiny CPU. Took about 30 seconds.

You sure you need an SSL suite on Palm?




Re: Please help

2001-11-30 Thread Haikel MEJRI

Salam,

Signing a request has no relation with signing requests.
To do so try what follows:

1/ Request Generation:
openssl req -new -out cert.req

2/ Request Signature:
openssl ca -config path/openssl.cnf -in cert.req -out cert.pem

path: path to openssl.cnf configuration file (may be 
/usr/share/ssl/openssl.cnf).
Verify that directories and your CA and key files in the openssl.cnf file are 
correct.

bye

Haikel MEJRI
Security Engineer
National Digital Certification Agency
TUNISIA


On Friday 30 November 2001 01:44, you wrote:
 Dear All,
 I am finding problems while generating a certificate with openssl. When I
 want to generate a signed certificate using this command:

 openssl x509 -req -CA /usr/local/ca/cacert.crt -CAkey
 /usr/local/ca/private/cakey.pem -days 365 -in /tmp/req.pem -out
 /tmp/signed_req.pem -CAcreateserial

 --I get this problem
 27182:error:0906D06C:PEM routines:PEM_read_bio:no start
 line:pem_lib.c:662:Expecting: TRUSTED CERTIFICATE

 Please can anybody help me solve this problem

 Thanking you in advance   Hafida





Re: Use of OpenSSL

2001-11-30 Thread Lutz Jaenicke

On Fri, Nov 30, 2001 at 09:06:10AM +0100, Michael Lissner wrote:
 Hello,
 
 a question about using OpenSSL under Windows NT.
 As the HTTP server I use Apache 1.3.20 for NT,
 PHP4.0.6 as CGI and MySQL as the database.
 Borland Builder 5.5 is used as the compiler.
 Which source code can I use to set up encryption
 or a secured connection?

You need the mod_ssl module for apache (http://www.modssl.org) which
is integrating the SSL service into apache and which uses the OpenSSL
library for the SSL services.
I don't know which compiler or other requirements exist for WinNT
with regard to OpenSSL or mod_ssl.

 Are there license fees under Windows?
OpenSSL is completely free, you don't have to pay any license fees.
(Please check out the LICENSE file included in the OpenSSL distribution.)

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



RE: Apache mod-ssl: VirtualHost and certificates

2001-11-30 Thread Vadim Fedukovich

hi,

this will work for unique port numbers only.
There's no chance to run a bunch of standard-SSL virtual hosts
on one single 443 port and I guess it was the question.
One could do that on different IP numbers

regards,
Vadim

On Fri, 30 Nov 2001, Amol Natu wrote:

 Hi Shlomi

 You would need to include certificate related directives under the section
 defined for each virtual host within the httpd.conf.
 e.g:

 <VirtualHost server_name:port_number>
 Port 'port_number'
 ServerName server_name
 SSLCertificateFile /location/certificate_file_name
 SSLCertificateKeyFile /location/key_file_name
 SSLCertificateChainFile /location/certchain_file_name
 SSLCipherSuite
 ...
 ..
 </VirtualHost>


 Regards
 Amol

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Shlomi
 Sent: Friday, November 30, 2001 2:00 AM
 To: [EMAIL PROTECTED]
 Subject: Apache mod-ssl: VirtualHost and certificates


 Hi all,

 Does anyone know if there is a way to use a certificate for each domain on a
 server which is configured to use VirtualHost (a single IP for all of the
 domains)?

 I am trying to configure Apache (mod-ssl) to use a certificate for each
 VirtualHost but without success.

 Each VirtualHost needs a private key and a certificate, but the browser
 receives the main certificate for all of the domains.
 How can I set it to send the relevant certificate for each domain ?


 Thank you in advance,

 Shlomi.





SSL session timeout and CGI scripts

2001-11-30 Thread Manfred Haertel

Hello!

Is there a way for a CGI script to find out how long the currently used
SSL session is still valid, in other words, how many seconds of
SSLSessionCacheTimeout still remain?

I asked this question already on the modssl mailing list, but I got no
answer, so I thought I'd ask the OpenSSL experts here.

The modssl interface gives me the session key and the SSL session ID in
environment variables, but not the remaining time. Is there any chance
to access the time from a CGI script?

Best regards

-- 
Manfred Härtel   mailto:[EMAIL PROTECTED]
 http://rz-home.de/mhaertel



RE: running OpenSSL on Windows 32

2001-11-30 Thread Jean-Gabriel Duquesnoy

I am using Windows 98SE and OpenSSL0.9.6b

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Dr S N Henson
 Sent: Thursday, November 29, 2001 7:15 PM
 To: [EMAIL PROTECTED]
 Subject: Re: running OpenSSL on Windows 32
 
 
 Jean-Gabriel Duquesnoy wrote:
  
  Hi,
  
  I have successfully downloaded and compiled OpenSSL
  on my Windows machine. Unfortunately, when I use it
  to create a CA certificate, when asking for the DN,
  the first question (Country Name) is displayed, but
  the second question is displayed without giving me
  any chance to enter the Country Name. I have the same
  problem when it comes to enter the Country Name for
  a request (-newreq).
  But worst is that the same behaviour occurs when I
  try to sign the issued certificates. As the first
  question when signing is Sign the certificate, I
  do not get any chance to sign my certificates.
  
  Does anyone have a hint where to search for the reason?
  
 
 Which version of Windows are you using and which version of OpenSSL?
 There was a Win95 console bug which had a workaround added a long time
 ago: after entering the password the last character (CR) would
 erroneously appear when an attempt was made to read the next field
 and would give the behaviour you mentioned.
 
 Steve.
 -- 
 Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
 Personal Email: [EMAIL PROTECTED] 
 Senior crypto engineer, Gemplus: http://www.gemplus.com/
 Core developer of the   OpenSSL project: http://www.openssl.org/
 Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: Problem Installing openssl-0.9.6b.tar.gz On OpenVMS V6.2

2001-11-30 Thread Richard Levitte - VMS Whacker

From: [EMAIL PROTECTED]

crh   $ USER_CCDEFS := _VMS_V6_SOURCE=1,__VMS_VER=6000,__CRTL_VER=6000
crh   $ USER_CCDISABLEWARNINGS := PREOPTW
crh 
crh   $ @makevms all norsaref debug decc
crh 
crh 
crh The following are the errors that I got as a result of the command.  (There
crh would have been many more errors but I CTRL-Y out.)
crh 
crh (Should I be specifying all if I'm only interested in the OpenSSL server 
crh and client?)

(yes)

I suspect that the following is what's causing all the trouble:

crh Creating [.CRYPTO]OPENSSLCONF.H Include File.
crh %DCL-W-CONFLICT, illegal combination of command elements - check documentation
crh  \OUTPUT\

What do you get if you check the symbol TYPE?

 $ sh sym type

If you have qualifiers in that definition that conflict with /OUTPUT,
you need to delete the symbol type.

To be perfectly clear, one shouldn't replace the fully spelled
commands with symbol commands, that's the best way to get in trouble.

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.



running OpenSSL on Windows 32

2001-11-30 Thread owner-openssl-users


Hi,

I have successfully downloaded and compiled OpenSSL
on my Windows machine. Unfortunately, when I use it
to create a CA certificate, when asking for the DN,
the first question (Country Name) is displayed, but
the second question is displayed without giving me
any chance to enter the Country Name. I have the same
problem when it comes to enter the Country Name for
a request (-newreq).
But worst is that the same behaviour occurs when I
try to sign the issued certificates. As the first
question when signing is Sign the certificate, I
do not get any chance to sign my certificates.

Does anyone have a hint where to search for the reason?

With kind regards,

Jean-Gabriel Duquesnoy
e-mail: [EMAIL PROTECTED]




CA Registration

2001-11-30 Thread Barty, Joe

Hi, I'm running OpenSSL 0.9.6 and I want to register
with a CA. Is there a detailed Procedure for doing this? I have tried using the
MAN pages with no luck.

Joe Barty
Network Engineer
Digital Controls Corp
305 Pioneer Blvd
Springboro, Oh 45066
Base: (937) 656-3708
Work: (937) 746-8118
Mobile: (937) 272-2421
[EMAIL PROTECTED]



about Crypt Init

2001-11-30 Thread rival

Hi,

I'm currently playing with the EVP interface,
I'm afraid of having misunderstood some basic encryption
behavior or policy.

Let's say I want to encrypt a series of short messages,
and I want a third party to be able to decrypt those messages.

My thoughts are:

I must init the IV to a value each time I encrypt a new message
and
the third party must do the same to decrypt.

Then I call EVP_BytesToKey() each time with the fixed key.

Am I right, or am I misusing IV init etc.?

- rival.




[Crypt::SSLeay] How to compile with aCC on hpux 11.0?

2001-11-30 Thread BRIX,THOMAS (HP-Germany,ex2)

Hi all,

is there a way to compile Crypt-SSLeay-0.35   
using a aCC  B3910B A.03.30
on hp-ux 11.0?

tia
Best regards
Thomas Brix



Re: running OpenSSL on Windows 32

2001-11-30 Thread Dr S N Henson

Jean-Gabriel Duquesnoy wrote:
 
 I am using Windows 98SE and OpenSSL0.9.6b
 

Hmmm. That should work. Have you compiled it on a WINNT box or enabled
the WINNT features? That could cause problems because the work around
isn't enabled on WINNT because it isn't needed.

What output does:

openssl version -a 

give? Also try running 

dumpbin /imports libeay32.dll 

and see if the output contains FlushConsoleInputBuffer.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.




Re: Sharing an SSL_connection across threads.

2001-11-30 Thread Bodo Moeller

On Mon, Nov 26, 2001 at 05:47:16PM -, Andy Schneider wrote:

 If I don't renegotiate, can I put a read () and write () down in an
 SSL_connection in two different threads at the same time? 

No.


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036



Re: SSL session timeout and CGI scripts

2001-11-30 Thread Lutz Jaenicke

On Fri, Nov 30, 2001 at 10:54:22AM +0100, Manfred Haertel wrote:
 Hello!
 
 Is there a way for a CGI script to find out how long the currently used
 SSL session is still valid, in other words, how many seconds of
 SSLSessionCacheTimeout still remain?
 
 I asked this question already on the modssl mailing list, but I got no
 answer, so I thought I'd ask the OpenSSL experts here.
 
 The modssl interface gives me the session key and the SSL session ID in
 environment variables, but not the remaining time. Is there any chance
 to access the time from a CGI script?

As far as I could see from the mod_ssl sources, the corresponding data
are not exported to environment variables.
I don't think it would be too difficult to extend mod_ssl to also export
these data. The ssl_hook_Fixup_vars table would need to be extended in
ssl_engine_kernel.c by the required variables and the ssl_var_lookup_ssl()
function in ssl_engine_vars.c would need to handle these
variables. I think, that if you grep for SESSION_ID in pkg.sslmod/
you will easily get an idea.

Without source modification, you won't get the information.

Best regards,
Lutz
PS. With respect to the SSL_SESSION timeout settings:
man SSL_SESSION_get_time
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153



Verifying an encrypted PKCS#7

2001-11-30 Thread Hellan,Kim KHE

Hi

If I have a PKCS#7 that is only encrypted (pkcs7_enveloped) , how can I then
be sure of the integrity of the data?
With a signed PKCS#7 you can verify the signature, but what if there is no
signature. Does the PKCS#7 format itself make it impossible to tamper with
such an encrypted blob or is there some OpenSSL function that can verify
the integrity (like PKCS7_verify)?

Thanks,
Kim Hellan
KMD / KMD-CA




Problems building 64-bit openssl

2001-11-30 Thread GREG WOJTAK

Hello,

I am trying to build 64-bit Openssl libraries on a Solaris 8 box.  I am working with 
the 0.9.6b source with  gcc 3.0.2 (with 64-bit support, of course! :).  I have not had 
any problems building any other 64 bit applications with this compiler.  Everything 
compiles fine, but when I run 'make test', the BN_sqr test fails.  I've looked on the 
WWW and could only find one page referring to this issue, and it looks like it was 
never resolved.

Please help!

Greg




Re: certificate problem

2001-11-30 Thread Soo Hom

Thanks for the advice.  I was able to get an alternate /dev/urandom
package working.

Soo



On Wed, 28 Nov 2001, Lutz Jaenicke wrote:

 On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
  Solaris does not support the device /dev/urandom which is necessary to seed
  the PRNG by default.
  You can either install a package which emulate /dev/urandom or seed the
  PRNG
  manually by the following commands :
  
 unsigned char seed_buffer [1024] ;
  
 RAND_pseudo_bytes(seed_buffer, 1024) ;
 RAND_seed(seed_buffer, 1024) ;
 ...
 RSA_generate_key(...)
 
 
 This, with all due respect, is no good advice. Depending on the platform
 (and maybe even compiler settings), the buffer may be memset to 0.
 Generating pseudo bytes from it will mix in the PID and have the pool
 mixed. That might look random, but finally (if somebody finds out your
 method), the generated keys are weak.
 I strongly suggest using one of the alternative PRNG sources described
 in the FAQ.
 
 Best regards,
   Lutz
 -- 
 Lutz Jaenicke [EMAIL PROTECTED]
 BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
 Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
 Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
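
Lutz's objection in the message quoted above, as an added example that is not code from the thread or from OpenSSL: a simplified model in which a zeroed buffer and the PID are the only seed inputs, so the set of possible keys can be counted and duplicate keys across hosts can be detected. `PID_MAX`, the host names and all function names are assumptions; SHA-1 and SHA-256 stand in for the PRNG and for key generation.

```python
import hashlib
import math
import os
from collections import defaultdict

PID_MAX = 30000  # assumption: upper bound for process IDs on the host


def weak_seed(pid, stack_buffer=bytes(1024)):
    """Model of the criticised recipe: a zeroed buffer with only the PID mixed in."""
    return hashlib.sha1(stack_buffer + pid.to_bytes(4, "big")).digest()


def strong_seed():
    """Seed taken from the operating system's entropy source."""
    return os.urandom(32)


def key_fingerprint(seed):
    """Stand-in for key generation: the key is a deterministic function of the seed."""
    return hashlib.sha256(b"keygen:" + seed).hexdigest()[:16]


def seed_space_bits(pid_max=PID_MAX):
    """Count every key the weak recipe can ever produce and express it in bits."""
    keys = {key_fingerprint(weak_seed(pid)) for pid in range(1, pid_max + 1)}
    return math.log2(len(keys))


def duplicate_keys(inventory):
    """Group hosts that present the same key fingerprint (a sign of poor seeding)."""
    by_key = defaultdict(list)
    for host, fingerprint in inventory.items():
        by_key[fingerprint].append(host)
    return {fp: sorted(hosts) for fp, hosts in by_key.items() if len(hosts) > 1}


# Constructed inventory: two hosts used the weak recipe and happened to run
# key generation under the same PID; the third seeded from os.urandom().
INVENTORY = {
    "web1.example": key_fingerprint(weak_seed(412)),
    "web2.example": key_fingerprint(weak_seed(412)),
    "mail.example": key_fingerprint(strong_seed()),
}

if __name__ == "__main__":
    print("weak recipe: %.1f bits of key space" % seed_space_bits())
    print("hosts sharing a key:", duplicate_keys(INVENTORY))
```

A 1024-byte seed buffer looks large, but the model yields fewer than 15 bits of key space, which is why the FAQ's entropy sources are the fix rather than a bigger buffer.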



Re: Apache mod-ssl: VirtualHost and certificates

2001-11-30 Thread Keary Suska

More specifically, each SSL-enabled virtual host must have a unique public
IP with certificates that include the domain name that corresponds to the
address. You cannot have an SSL-enabled name-based virtual host.

Keary Suska
Esoteritech, Inc.
Leveraging Open Source for a better Internet

 From: Vadim Fedukovich [EMAIL PROTECTED]
 Reply-To: [EMAIL PROTECTED]
 Date: Fri, 30 Nov 2001 11:00:07 +0200 (EET)
 To: OpenSSL User List [EMAIL PROTECTED]
 Subject: RE: Apache mod-ssl: VirtualHost and certificates
 
 hi,
 
 this will work for unique port numbers only.
 There's no chance to run a bunch of standard-SSL virtual hosts
 on one single 443 port and I guess it was the question.
 One could do that on different IP numbers
 
 regards,
 Vadim
 
 On Fri, 30 Nov 2001, Amol Natu wrote:
 
 Hi Shlomi
 
 You would need to include certificate related directives under the section
 defined for each virtual host within the httpd.conf.
 e.g:
 
 <VirtualHost server_name:port_number>
 Port 'port_number'
 ServerName server_name
 SSLCertificateFile /location/certificate_file_name
 SSLCertificateKeyFile /location/key_file_name
 SSLCertificateChainFile /location/certchain_file_name
 SSLCipherSuite
 ...
 ..
 </VirtualHost>
 
 
 Regards
 Amol
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]]On Behalf Of Shlomi
 Sent: Friday, November 30, 2001 2:00 AM
 To: [EMAIL PROTECTED]
 Subject: Apache mod-ssl: VirtualHost and certificates
 
 
 Hi all,
 
 Does anyone know if there is a way to use a certificate for each domain on a
 server which is configured to use VirtualHost (a single IP for all of the
 domains)?
 
 I am trying to configure Apache (mod-ssl) to use a certificate for each
 VirtualHost but without success.
 
 Each VirtualHost needs a private key and a certificate, but the browser
 receives the main certificate for all of the domains.
 How can I set it to send the relevant certificate for each domain ?
 
 
 Thank you in advance,
 
 Shlomi.
 
 



libcrypto.so and libgcc_s.so.1 not found

2001-11-30 Thread Fish Flowers

Hello,

So, I'm a relatively clueless desktop support type, who somehow has ended
up trying to build and secure a Solaris 8 box. Woe is me, most especially
because I can't seem to get OpenSSH to #$@! configure.

I think the problem is with my OpenSSL install, and here's why: When I run
configure in the OpenSSH (3.0.1p1) source directory, it bombs out,
apparently when trying to find either A) libgcc_s.so.1, or
B) libcrypto.so -- it reports that it can't find a working OpenSSL
directory.

I have what appears to be a good OpenSSL installation, though -- is there
something I'm missing? Have I installed the wrong thing? Here are the
details of the system and existing software, for those who care:

Sun Ultra 60 running Solaris 8
gnu bc-1.06
gnu make-3.79.1
gnu gcc-2.95
openssl-0.9.6b
*openssh-3.0.1p1

[*] if only...

I've installed all of these from source. Can't even get to make on the
OpenSSH install, though. Very frustrating. Can't find any documentation
anywhere which addresses this problem. Please help. So confused...

Fish.





Re: Verifying an encrypted PKCS#7

2001-11-30 Thread Dr S N Henson

Hellan,Kim KHE wrote:
 
 Hi
 
 If I have a PKCS#7 that is only encrypted (pkcs7_enveloped) , how can I then
 be sure of the integrity of the data?
 With a signed PKCS#7 you can verify the signature, but what if there is no
 signature. Does the PKCS#7 format itself make it impossible to tamper with
 such an encrypted blob or is there some OpenSSL function that can verify
 the integrity (like PKCS7_verify)?
 

PKCS#7 encrypted data can be produced by anyone with access to the
recipient(s) certificates which will normally be publicly available.
Unless the sender has signed the content before encryption there is no
way to be sure of its integrity.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.



Re: error on doing ./CA.pl -signreq

2001-11-30 Thread Dr S N Henson

Yasir Ali wrote:
 
 Hi,
 
 I am just starting on my thesis which involves ssh and ssl
 usage.
 
 I was running the CA.pl script. I created a new CA,
 and then i created certificate sign request and finally when
 I did ./Ca.pl -signreq, it gave me the following error
 
 CA.pl -newca -worked
 CA.pl -newreq -worked
 CA.pl -signreq -gave error
 
 The error i got is this:
 
 Using configuration from usr/share/ssl/openssl.conf
 unable to load CA private key
 5514:error:0906D06C:PEM routines:PEM_read_bio:no start
 line:pem_lib.c:662:Expecting: ANY PRIVATE KEY
 Signed Certificate is in newcert.pem
 
 any help will be appreciated.
 

Did CA.pl -newca prompt you for any field values? If not then there's
probably a demoCA directory from a previous unsuccessful attempt to
create a CA. 

Try deleting the demoCA directory (and any files in it) and call CA.pl
-newca again.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Gemplus: http://www.gemplus.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
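
Both "no start line" errors quoted on this page (Expecting: TRUSTED CERTIFICATE and Expecting: ANY PRIVATE KEY) mean the PEM reader reached the end of the file without finding a start line of a type it accepts. The pre-flight check below is an added example, not code from the thread or from OpenSSL; the label lists, the function names and the sample inputs are assumptions constructed for the illustration.

```python
import re

# PEM labels accepted for each kind of input. The lists are assembled for this
# example from the usual OpenSSL label names; they are not taken from the thread.
ACCEPTED = {
    "certificate": {"CERTIFICATE", "X509 CERTIFICATE", "TRUSTED CERTIFICATE"},
    "private key": {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY",
                    "RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"},
    "request": {"CERTIFICATE REQUEST", "NEW CERTIFICATE REQUEST"},
}

# A start line only counts when "-----BEGIN " sits in column 0.
BEGIN_RE = re.compile(rb"^-----BEGIN ([^\r\n-]+)-----[ \t\r]*$", re.MULTILINE)
SHIFTED_RE = re.compile(rb"^[ \t>]+-----BEGIN ", re.MULTILINE)


def pem_labels(data):
    """Return the label of every usable BEGIN line in the file."""
    return [m.group(1).decode("ascii", "replace") for m in BEGIN_RE.finditer(data)]


def diagnose(data, expecting):
    """Explain why a PEM reader expecting `expecting` would reject `data`."""
    wanted = ACCEPTED[expecting]
    if not data.strip():
        return "empty file"
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return "UTF-16 text: re-save as plain ASCII"
    labels = pem_labels(data)
    if any(label in wanted for label in labels):
        return "ok"
    if labels:
        # Blocks of another type are skipped, so the reader still ends
        # with "no start line".
        return "wrong type: found " + ", ".join(labels)
    if SHIFTED_RE.search(data):
        return "BEGIN line is indented or quoted"
    if data[:1] == b"\x30":
        return "looks like DER: convert to PEM first"
    return "no PEM block found"


# Constructed sample inputs; the base64 body is a placeholder, not a real object.
BODY = b"MIIBplaceholderbase64==\n"
CERT = b"-----BEGIN CERTIFICATE-----\n" + BODY + b"-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN RSA PRIVATE KEY-----\n" + BODY + b"-----END RSA PRIVATE KEY-----\n"

SAMPLES = {
    "cacert.crt, well formed": (CERT, "certificate"),
    "key file given as -CA": (KEY, "certificate"),
    "certificate pasted from a mail quote": (b"> " + CERT.replace(b"\n", b"\n> "), "certificate"),
    "binary DER certificate": (b"\x30\x82\x02\x10" + bytes(8), "certificate"),
    "empty cakey.pem left in demoCA": (b"", "private key"),
}


def report():
    """Run the check over every constructed sample."""
    return {name: diagnose(data, kind) for name, (data, kind) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print("%-40s %s" % (name, verdict))
```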



Re: libcrypto.so and libgcc_s.so.1 not found

2001-11-30 Thread Richard Levitte - VMS Whacker

From: Fish Flowers [EMAIL PROTECTED]

fish So, I'm a relatively clueless desktop support type, who somehow has ended
fish up trying to build and secure a Solaris 8 box. Woe is me, most especially
fish because I can't seem to get OpenSSH to #$@! configure.
fish 
fish I think the problem is with my OpenSSL install, and here's why: When I run
fish configure in the OpenSSH (3.0.1p1) source directory, it bombs out,
fish apparently when trying to find either A) libgcc_s.so.1, or
fish B) libcrypto.so -- it reports that it can't find a working OpenSSL
fish directory.

So, did you tell the OpenSSL configuration script any specific place
where it should be installed?  If not, it's most probably installed in
/usr/local/ssl.  Then, if the OpenSSH configuration script can't
figure it out, I'm pretty sure it has some options which you can use
to tell it where to look.  The following might help you find out what
those options are:

  ./configure --help

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken  \ S-168 35  BROMMA  \ T: +46-8-26 52 47
\  SWEDEN   \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/

Unsolicited commercial email is subject to an archival fee of $400.
See http://www.stacken.kth.se/~levitte/mail/ for more info.



[no subject]

2001-11-30 Thread Denny Chambers

 



ssl-cert-HOWTO.txt for review

2001-11-30 Thread Marcus Redivo

OpenSSL users and developers,

I have struggled with getting certificates in order on my servers, and I
have seen others struggle with this too. It became necessary to do a proper
job, so I decided I should write up what I had to learn as a HOWTO.

I would like to contribute this for posting on www.openssl.org. But first, I
think someone who actually _knows_ what they are doing should review my
document; preferably, several people. (Yesterday I couldn't spell SSL...)

So here it is:

http://www.binarytool.com/ssl-cert-HOWTO.txt

Please, if you have the time, take a look through this and make sure I'm not
telling lies or leading people into danger. Send me mail at the address
below, as I'm not on the list.

One specific thing I would like to be able to control on the non-CA
certificates is the Any Purpose CA : Yes attribute; what do I put in the
config file to change this to No?

Thanks very much in advance for your input.

Marcus Redivo

The Binary Tool Foundry
http://www.binarytool.com
mailto:[EMAIL PROTECTED]






check root CA

2001-11-30 Thread Julio Kriger

Hi,
I'm a newbie, so I hope not to bother you with some stupid question or
misunderstood concepts.
I have been reading information on how to verify a server certificate
signed by a root CA in a client.
From what I read, I have to check the server certificate signature with
the public key certificate from the root CA. Does anyone know the steps
to do this?
Any comment on this topic will be gratefully received.
Thanks in advance.
Julio

