Re: Certificate and Certificate request (Using API)

2012-07-26 Thread Saurabh Pandya
Thanks all for detailed reply, demos/x509/mkcert.c approach: I understood that I don't need to create Certificate signing request (CSR) and I can directly create X509 *My_cert, and sign it with my CA certificate/key. demos/x509/mkreq.c approach: Still I don't understand that,

Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Sukalp, I have tried to use the code snippet provided by use. I am able to create the ASN_object and get the data also, but the data is not in readable form. I use X509 instead of X509V3. Here is the code that I have used: *Ret = X509_get_ext_by_NID(cert, field_NID, 0); if ((Ret

how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Marco Molteni (mmolteni)
Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-) http://pki.fedoraproject.org/wiki/PKI_Main_Page http://openca.org/projects.shtml marco PS: Adding a Subject line

Help with client certificates

2012-07-26 Thread Fili, Tom
I'm trying to set up my application to allow for the use of client certificates. I am using the capi engine to pull from the Windows store. I set up my ssl connection and it works fine if I set the correct certificate using SSL_CTX_use_certificate_ASN1 ENGINE_load_private_key. From what I've

fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Hi folks, I have a FIPS capable OpenSSL library, where libcrypto.so and libssl.so get linked into my product during build. I'm using FIPS 2.0 and OpenSSL 1.0.1c. To the best of my knowledge, on the build machine I can do the following: for fips, I call ./config make make install where I give

Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-26 Thread Saurabh Pandya
On 7/26/12, Puneet Khunteta khunteta.pun...@gmail.com wrote: Hello Sukalp, I have tried to use the code snippet provided by use. I am able to create the ASN_object and get the data also, but the data is not in readable form. I use X509 instead of X509V3. Here is the code that I have used:

Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-26 Thread Puneet Khunteta
Same Status !! Regards, Puneet On Thu, Jul 26, 2012 at 2:49 PM, Saurabh Pandya er.saurabhpan...@gmail.com wrote: On 7/26/12, Puneet Khunteta khunteta.pun...@gmail.com wrote: Hello Sukalp, I have tried to use the code snippet provided by use. I am able to create the ASN_object and get

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-)

Re: X509 Certificate : Need help to retrieve Extended Key Usage filed from the certificate

2012-07-26 Thread Puneet Khunteta
Hello Stephen, On using the suggestion provided by you, got the following output snippet It shows extusage-data Empty. Regards, Puneet On Wed, Jul 25, 2012 at 4:01 PM, Dr. Stephen Henson st...@openssl.org wrote: On Wed, Jul 25, 2012, Puneet Khunteta wrote: Hello, I am a user of

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Florian Rüchel
On 26.07.2012 12:57, Tom Browder wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. Also make sure to check out OpenXPKI (http://www.openxpki.org/)

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 5:57 AM, Tom Browder tom.brow...@gmail.com wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 6:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: ... Also make sure to check out OpenXPKI (http://www.openxpki.org/) Now that looks much better! Best regards, -Tom

RE: DSA certificates from windows certificate store into openssl

2012-07-26 Thread Jaaron Anderson
Yes it is independent and what I meant is that It is either one and I doubt you one to go for such hybrid to be consistent and for key provisioning. Actually ECDSA or ECC is another efficient crypto also worth exploring. Overall it is up to you how you will want to make it operational

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Ted Byers
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: On 26.07.2012 12:57, Tom Browder wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Ted Byers
On Thu, Jul 26, 2012 at 4:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-)

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Cassie Helms wrote: Hi folks, I have dynamically linked a FIPS capable OpenSSL library (libcrypto.so and libssl.so) into my product's build, but still get a fingerprint does not match error when I call FIPS_mode_set(1). This is using a validated copy of FIPS 2.0

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 7:56 AM, Ted Byers r.ted.by...@gmail.com wrote: On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: Also make sure to check out OpenXPKI (http://www.openxpki.org/) And I just found

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
What platform is the target system? cat /etc/*-release: RHEL Server 5.5 (Tikanga) uname -mrs: Linux 2.6.18-194.el5 x86_64 Build system specs are the same as these. After you build the validated module do this: make build_algvs This should build an fips_algvs binary in the test directory.

Re: fingerprint does not match on FIPS_mode_set when FIPS + openssl is dynamically linked into build

2012-07-26 Thread Cassie Helms
Apologies, this thread is a duplicate of the one Dr. Henson is already responding to. The authentication system made it unclear whether or not my original question would post yesterday. Please do not respond to this thread. Cassie

Using Self-Signed Certificates to create SSL connection.

2012-07-26 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
Hi All, I have created a self-signed CA certificate, a Client certificate and a Server certificate. I signed the Client and Server certificates with the self-signed CA certificate and placed all certs in the appropriate locations. Then attempted to create an SSL connection with 'openssl

Blowfish and key length

2012-07-26 Thread Cristiano Toninato
Hi all, I am a C++ developer, and I need an implementation of Blowfish encoding under Linux. Everything seems to be working well if using BF_ functions, but I found some problems with EVP_bf interface, using a key shorter than 128 bits. This code exemplifies the problem. #include string #include

Re: Blowfish and key length

2012-07-26 Thread Dr. Stephen Henson
On Thu, Jul 26, 2012, Cristiano Toninato wrote: This simple test program should always print the same result, but with OpenSSL 0.9.8o and gcc 4.5.2 output is From http://www.schneier.com/code/vectors.txt, cipher bytes should be 51866FD5B85ECB8A Test BF_ecb_encrypt(): 51866FD5B85ECB8A Test

Filtering client certificates

2012-07-26 Thread Fili, Tom
I need to figure out which client certificates are issued by valid CAs (according to the server). I set a callback with SSL_CTX_set_client_cert_cb In the callback I get the list of CAs from the server with STACK_OF(X509_NAME) *pX509Names = SSL_get_client_CA_list(ssl) Now I have a

Re: Help with client certificates

2012-07-26 Thread Dr. Stephen Henson
On Wed, Jul 25, 2012, Fili, Tom wrote: I'm trying to set up my application to allow for the use of client certificates. I am using the capi engine to pull from the Windows store. I set up my ssl connection and it works fine if I set the correct certificate using SSL_CTX_use_certificate_ASN1

RE: Using Self-Signed Certificates to create SSL connection.

2012-07-26 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Hasan, Rezaul (NSN - US/Arlington Heights) Sent: Thursday, 26 July, 2012 12:02 I have created a self-signed CA certificate, a Client certificate and a Server certificate. I signed the Client and Server certificates with the self-signed CA

RE: Certificate and Certificate request (Using API)

2012-07-26 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Saurabh Pandya Sent: Thursday, 26 July, 2012 02:52 demos/x509/mkcert.c approach: I understood that I don't need to create Certificate signing request (CSR) and I can directly create X509 *My_cert, and sign it with my CA

Re: Certificate and Certificate request (Using API)

2012-07-26 Thread Saurabh Pandya
Do roughly the same thing apps/ca.c does, except you probably don't need all its options but may want some other options: Create an X509 and set all needed X509_CINF fields in that X509 to values that you either extract from the X509_REQ and approve, or choose by your own logic (serial at