What? No plug for pathfinder?
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of Patrick Patterson
Sent: Fri 7/16/2010 11:58 AM
To: openssl-users@openssl.org
Subject: Re: Help creating certificate chain
Hello Hugo:
On July 16, 2010 02:31:53 pm Hugo Garza wrote:
> Hel
Thank you very much so far with all the input you have given me. I
have few more questions. I am going to have to give up on interfacing
with the Windows Crypto library and put openssl on my client as well.
However, my client will be running Windows CE 6.0 with an ARM processor.
Are the
On Fri, Jul 16, 2010, Hugo Garza wrote:
> Hello Stephen, thank you for your comment that made the verification pass.
> But I'm a bit confused now.
>
> Just as a demo I moved these certs to my windows computer and installed the
> Root CA into my current user's Trusted Root Certificate Authorities
Hello Hugo:
On July 16, 2010 02:31:53 pm Hugo Garza wrote:
> Hello Stephen, thank you for your comment that made the verification pass.
> But I'm a bit confused now.
>
> Just as a demo I moved these certs to my windows computer and installed the
> Root CA into my current user's Trusted Root Certi
Hello Stephen, thank you for your comment that made the verification pass.
But I'm a bit confused now.
Just as a demo I moved these certs to my windows computer and installed the
Root CA into my current user's Trusted Root Certificate Authorities folder
using the MMC certificates snap in. Then I d
Hi Luis:
See reply inline:
On July 16, 2010 11:05:46 am Luis Neves wrote:
>
> besides this, why I have to force httpd.conf with a SSLOCSPDefaultResponder
> directive? Shouldnt the mod_ssl code discover automatically the responder
> address from the client certificate itself??
>
From your othe
Thanks Jakob, I just tried what you said by concatinating the Root and
Intermediate certificates to the user.crt file and tried running
openssl verify -CAfile ../root/ca-cert.crt user.crt
But it still fails with, error 20 at 0 depth lookup:unable to get local
issuer certificate. I would prefer
On Thu, Jul 15, 2010, Hugo Garza wrote:
> Hello All, I'm trying to get a basic root CA setup with an intermediate CA
> to handle all the end user certificate signing.
>
> So far I've created a Root CA
> I created an intermediate CA and signed it's certificate with the Root CA
> I created an end u
On 15-07-2010 21:26, Hugo Garza wrote:
Hello All, I'm trying to get a basic root CA setup with an intermediate CA
to handle all the end user certificate signing.
So far I've created a Root CA
I created an intermediate CA and signed it's certificate with the Root CA
I created an end user certific
All of the CA certificates in the chain of trust need to be included in
the CA file passed to the "-CAfile" option. To do this, simply
concatenate all of the PEM-encoded CA certificates into one file (e.g.
'cat >
cafile.pem' -- could be 'cat ../root/ca-cert.crt ../int/ca-cert.crt >
cafile.pem').
This makes sense to me.
Mounir IDRASSI talked about the SNI which made sense but the solution was not
an option.
Your suggestion is a little complex to setup in my load balancer, but very
doable and does not create a OS or Browser requirement.
I am very new to this list but you guys rock, I gue
good news and bad news!
good news first, Ive added all the correct certificates to the certificate
chain, now the following command works ok:
openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
/home/oracle/lneves.pem -url http://ocsp.auc.cartaodecidadao.pt/publico/ocsp
-CAfile /etc/pki/
On 16-07-2010 15:31, Richard Buskirk wrote:
I sent this situation off to the help team but maybe it is either that stupid
or that hard.
I have installed 2 SSL Certs on my server.
I am using a naming convention for apache configuration for each cert.
Server: Windows server 2008, Apache/2.2.14 (
Hi,
You Apache configuration uses SNI (Server Name Indication) which is not
supported on Windows XP using IE, Safari and Chrome. The client must be
running under Windows Vista and higher in order for SNI to work.
That being said, you are saying in your message that Firefox fails to
support
I sent this situation off to the help team but maybe it is either that stupid
or that hard.
I have installed 2 SSL Certs on my server.
I am using a naming convention for apache configuration for each cert.
Server: Windows server 2008, Apache/2.2.14 (Win32) mod_ssl/2.2.14
OpenSSL/0.9.8k PHP/5.2.
On 16-07-2010 12:40, Christian Hohnstaedt wrote:
On Fri, Jul 16, 2010 at 10:50:02AM +0100, Alexander Fisher wrote:
Hi
I've very recently decided to create my own Cert Authority in order to
produce certificates to replace all the built in self-signed ones on
devices such as routers,switches etc.
On Thu July 15 2010, Anthony Gabrielson wrote:
>
> On Jul 15, 2010, at 6:18 PM, Michael S. Zick wrote:
>
> > Interesting blog.
> >
> > One quick question on the first linked-to source at the top:
> > quote
> >memset(plaintext,0,sizeof(plaintext));
> >in_len = strlen(ciphertext);
> > end-
Hi Rudy,
I added call when needed because EncryptUpdate can be called more than once,
as long as EncryptFinal hasn't already been called. Once EncryptFinal has been
called your saying you have all the data you expect for that iteration. So if
your 292 bytes were coming in an iterations of N
On Fri, Jul 16, 2010, Luis Neves wrote:
>
>
> Ok, using your tip I confirmed that CA certificate is the CC0003.pem
> Ive include it at the end of ca-bundle.crt, pem encoded like the others on
> this file and used it as
>
> openssl ocsp -issuer /etc/pki/tls/certs/CC0003.pem -cert
> /home/orac
On Fri, Jul 16, 2010 at 10:50:02AM +0100, Alexander Fisher wrote:
> Hi
>
> I've very recently decided to create my own Cert Authority in order to
> produce certificates to replace all the built in self-signed ones on
> devices such as routers,switches etc.
>
> I'm having problems with the certifi
Hi
I've very recently decided to create my own Cert Authority in order to
produce certificates to replace all the built in self-signed ones on
devices such as routers,switches etc.
I'm having problems with the certificate signing requests generated by
Dell iDRAC6 management interfaces. The hostn
> Date: Thu, 15 Jul 2010 18:15:32 +0200
> From: st...@openssl.org
> To: openssl-users@openssl.org
> Subject: Re: OCSP_basic_verify:certificate verify error (Verify error:unable
> to get local issuer certificate)
>
> On Thu, Jul 15, 2010, Luis Neves wrote:
>
> >
> > some progress:
> >
> > o
Hello All, I'm trying to get a basic root CA setup with an intermediate CA
to handle all the end user certificate signing.
So far I've created a Root CA
I created an intermediate CA and signed it's certificate with the Root CA
I created an end user certificate and signed it with the intermediate C
Hello Anthony,
thank you for you fast reply. I visited your blog and analyzed your example.
There is one
question left. You added the comment "Call when needed" to your function
EVP_EncryptUpdate().
What does that mean? In my case I want to encrypt a string containing 292
bytes. After calling
EVP
24 matches
Mail list logo