Safe signed certificate generation during server installation ?

2007-09-19 Thread Urjit Gokhale
Hello everyone, I have a server application that will use OpenSSL to communicate with its clients over an SSL secured channel. This server requires a unique signed server certificate. I plan to use my personal CA to issue these server certificates. Now for the ease of deployment, I plan to create

Re: connection terminated (LINUX)

2007-09-19 Thread Milan Křápek
I think I have finally found where the problem is. When the TCP connection is interrupted (pulling out the network cable) there are some timeouts set for the TCP connection. By default on LINUX systems, these configuration items that set TCP timeouts are in /proc/sys/net/ipv4/[tcp_keepalive_...]. I

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, When I run the following command, it doesn't ask me a question about signing. But I have to press the enter button two times. I want to press the enter button only once. This command creates an empty new-cert.pem file and it does not add information to the demoCA/index.txt file. Is the following

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, When I run the following command, it doesn't ask me a question about signing. But I have to press the enter button two times. I want to press the enter button only once. This command creates an empty new-cert.pem file and it does not add information to the demoCA/index.txt file. Is the following

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, I tried the following command. But this command asks some questions (for instance it asks me the Sign the certificate? [y/n]: question) and waits for an answer from me. I want to answer these questions with the openssl command automatically. Is this possible? # openssl ca -key 123456 -config

ECDSA and ECICS with OpenSSL

2007-09-19 Thread Markus Schaber
Hi, Is it possible to implement ECDSA and ECICS using OpenSSL? I did not find anything in the documentation or the man pages, although I was told that OpenSSL is capable of elliptic curve cryptography which had been donated by sun. Btw, are there any patent implications? Thanks, Markus --

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Marek Marcola
Hello, Is it possible to implement ECDSA and ECICS using OpenSSL? I did not find anything in the documentation or the man pages, although I was told that OpenSSL is capable of elliptic curve cryptography which had been donated by sun. Elliptic curves are in the OpenSSL 0.9.8e version. ECDSA is

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Eman Abu Samra
Hi Marek, I am sorry to write you directly but I have posted my question twice on the openssl site and for some reason it never gets published. I would like to use only the ECDSA; is there any simple way to compile it alone (of course with the modules it's using)? I have tried doing it manually,

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, I solved the problem. I used the -batch parameter with openssl in the following command. Now I wonder what the answers to the questions (Sign the certificate? [y/n]:) are. How can I learn which option [y/n] (yes/no) is used? openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, I solved the problem. I used the -batch parameter with openssl in the following command. Now I wonder what the answers to the questions (Sign the certificate? [y/n]:) are. How can I learn which option [y/n] (yes/no) is used? In the OpenSSL source file apps/ca.c look at the 'batch' variable, you

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Marek Marcola
Hello, Is it possible to implement ECDSA and ECICS using OpenSSL? I did not find anything in the documentation or the man pages, although I was told that OpenSSL is capable of elliptic curve cryptography which had been donated by sun. Elliptic curves are in the OpenSSL 0.9.8e version.

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Marek Marcola
Hello, Is it possible to give the answer to the Sign the certificate? [y/n]: question to the openssl command with some parameters? I prefer the y option. Does openssl accept the y option with the following command by default? openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem -infiles

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Eman Abu Samra
Hi Marek, First I would like to thank you for your quick reply. I just have one more small question :) As far as I could see the ASN.1 is used basically to calculate the size of the signature (at least on the ecdsa side). So if I know exactly the size of the signatures then I can only remove the

RE: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Marek Marcola
Hello, Marek: I suspect Markus is referring to ECIES (Elliptic Curve Integrated Encryption Scheme) as specified in ANSI X9.63 and the IEEE P1363a Draft. OK, thank you for information. Best regards, -- Marek Marcola [EMAIL PROTECTED]

Re: Adding OpenSSL certificate user data with parameters

2007-09-19 Thread Kadir
Hi, Is it possible to give the answer to the Sign the certificate? [y/n]: question to the openssl command with some parameters? I prefer the y option. Does openssl accept the y option with the following command by default? openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem -infiles new-req.pem

Re: SSL won't compile on debian etch amd64

2007-09-19 Thread Florian Schnabel
Adding that 0 got the compiler to continue... I got another error a bit later though. Could it be my system being a bit messed up? Those problems seem really fishy to me. /usr/bin/ld: skipping incompatible /usr/bin/../lib/libdl.so when searching for -ldl /usr/bin/ld: skipping incompatible

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Markus Schaber
Hi, Marek, Marek Marcola [EMAIL PROTECTED] wrote: Does that mean that ECICS is not implemented yet? What is ECICS? I cannot find any information :-( I'm sure OpenSSL implements generic EC algorithms, ECDSA and ECDH. Sorry, that was a typo, I meant ECIES, of course. It seems that I spent

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Markus Schaber
Hi, Marek, Marek Marcola [EMAIL PROTECTED] wrote: Hello, Is it possible to implement ECDSA and ECICS using OpenSSL? I did not find anything in the documentation or the man pages, although I was told that OpenSSL is capable of elliptic curve cryptography which had been donated by sun.

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Marek Marcola
Hello, I am sorry to write you directly but I have posted my question twice on the openssl site and for some reason it never gets published. I would like to use only the ECDSA; is there any simple way to compile it alone (of course with the modules it's using)? I have tried doing it manually,

RE: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Bill Colvin
Marek: I suspect Markus is referring to ECIES (Elliptic Curve Integrated Encryption Scheme) as specified in ANSI X9.63 and the IEEE P1363a Draft. Bill -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: September 19, 2007 7:35 AM To:

Re: ECDSA and ECICS with OpenSSL

2007-09-19 Thread Marek Marcola
Hello, As far as I could see the ASN.1 is used basically to calculate the size of the signature (at least on the ecdsa side). So if I know exactly the size of the signatures then I can only remove the use of the ASN.1? ECDSA functions work in general on BIGNUMs (packed in some structures)

RE: Configuration file for subjectAltName

2007-09-19 Thread Murphy, David F
I can't allow our production users to get invalid certificate errors nor do I want to affect my clients with redirection requests. I am also helping our Exchange2007 folks with the autodiscovery function and the MS docs recommend a SAN-certificate for these very reasons. In my test environment,

RE: Safe signed certificate generation during server installation ?

2007-09-19 Thread David Schwartz
So could someone guide me with the best practices used in such scenarios? Is there a way to securely embed the private key in the installers / CA certificate? I guess I'm confused. What purpose would a certificate serve if anyone can generate one that serves any purpose? If I can generate a

RE: Configuration file for subjectAltName

2007-09-19 Thread David Schwartz
Once I purchase a trusted certificate, I was assuming both of these warnings would be removed; I thought a SAN-certificate would allow me to connect to the website using alternative names without getting the invalid or does not match warning. Thanks, David What error are you getting now?

Re: Safe signed certificate generation during server installation ?

2007-09-19 Thread Victor Duchovni
On Wed, Sep 19, 2007 at 08:01:28AM -0700, David Schwartz wrote: So could someone guide me with the best practices used in such scenarios? Is there a way to securely embed the private key in the installers / CA certificate? I guess I'm confused. What purpose would a certificate serve if

RE: Are there any CA packages that support XMLRPC?

2007-09-19 Thread Lindsay Hausner
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Thayer Sent: Thursday, September 13, 2007 7:47 PM To: openssl-users@openssl.org Subject: Re: Are there any CA packages that support XMLRPC? Richard Hartmann wrote: On 13/09/2007, Rodney Thayer

RE: Configuration file for subjectAltName

2007-09-19 Thread Murphy, David F
I ran the following command, openssl x509 -text -in certname.crt, but I do not see any of the subjectAltNames from my config file. Is this the correct command to see the names in the cert? I am not getting an error, per se, but a common IE warning message about "invalid or does not match"

openssl error

2007-09-19 Thread richard zhao
Hello, All, has anybody experienced the following error: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac? Thank you for any help in advance. Richard

Re: Are there any CA packages that support XMLRPC?

2007-09-19 Thread Richard Hartmann
I am replying to myself to clarify something which I should have put better: I want to run my own CA, not buy certificates from established ones. Sorry for asking a misleading question :/ Richard

RE: Configuration file for subjectAltName

2007-09-19 Thread Murphy, David F
From what I can tell the extensions are just not being added to my certificate. I see no indication the extensions were added in the output of the following command ... [EMAIL PROTECTED]:Active] ssl.crt # openssl x509 -in btesting.bx05.com.crt -noout -text Certificate: Data: Version:

Re: Configuration file for subjectAltName

2007-09-19 Thread Victor Duchovni
On Wed, Sep 19, 2007 at 04:09:29PM -0500, Murphy, David F wrote: From what I can tell the extensions are just not being added to my certificate. I see no indication the extensions were added in the output of the following command ... [EMAIL PROTECTED]:Active] ssl.crt # openssl x509 -in

How to write engine

2007-09-19 Thread Subramaniam
Hi, My requirement is to write a new engine that will be loaded by an application for its crypto functionality. The engine shall communicate with the smart card for encryption/decryption and digital signature. I have no clue how to start. Is there any documentation available regarding