Re: I can't believe how much this sucks

2012-11-19 Thread John Zavgren
Thomas: You make very good suggestions. Of them all (aside from the use of tact in approaching the developers :-) ), I think that easy-to-follow code examples would improve the openSSL experience more than anything else you identify. These examples could even provide a natural context for the

Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for end users which works fine. I need to be able to create .pfx files from those end user certificates and include the CA chain into the pfx file. Currently the command I use to

RE: I can't believe how much this sucks

2012-11-19 Thread Charles Mills
It tends to be a shortcoming of many, many types of software documentation that it is feature-oriented rather than task-oriented. That is, it does a good job of saying this switch does this, that parm specifies that and a poor job of answering the question I want to accomplish X. What the heck do I

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: I have created a CA and an intermediate CA. I use the intermediate CA to create self-signed s/mime certificates for end users which works fine. I need to be able to create .pfx files from those end user certificates and include the CA chain

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: Sorry, I'm not sure what you mean by concentrate the CA certificate together. Join the root and intermediate CAs together in one file e.g. like this under Linux: cat intermediateca.pem root.pem > cacerts.pem Then pass -certfile cacerts.pem to

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Nevermind the last message, you said *concatenate* the CA certificate together. So, this is what I did: Root cert: cat ca.crt cachain.pem Int-ca cert: cat int-ca.crt cachain.pem Ran the following but it didn't work: openssl pkcs12 -export -out someone.pfx -inkey someone.key -in

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: Nevermind the last message, you said *concatenate* the CA certificate together. So, this is what I did: Root cert: cat ca.crt cachain.pem Int-ca cert: cat int-ca.crt cachain.pem Ran the following but it didn't work: openssl

Re: I can't believe how much this sucks

2012-11-19 Thread Ted Byers
On Mon, Nov 19, 2012 at 9:45 AM, John Zavgren j...@zavgren.com wrote: Thomas: You make very good suggestions. Of them all (aside from the use of tact in approaching the developers :-) ), I think that easy-to-follow code examples would improve the openSSL experience more than anything else you

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I meant, I run the command, I get no error, no pfx file is created and I simply get the openssl help command: Usage: pkcs12 [options] where options are -export output PKCS12 file -chain add certificate chain -inkey file private key if not infile What do you mean didn't work?

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Deeztek.com Support wrote: Nevermind the last message, you said *concatenate* the CA certificate together. So, this is what I did: Root cert: cat ca.crt cachain.pem Int-ca cert: cat int-ca.crt cachain.pem Ran the following but it didn't work: openssl

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I fixed the command and it created the end user .pfx file. It imported successfully into Windows but I get this message when I looked at the certification chain for the intermediate ca: This certification authority is not allowed to issue certificates or cannot be used as an end-entity

Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Jeffrey Walton
On Mon, Nov 19, 2012 at 10:53 AM, Deeztek.com Support supp...@deeztek.com wrote: I fixed the command and it created the end user .pfx file. It imported successfully into Windows but I get this message when I looked at the certification chain for the intermediate ca: This certification

Re: I can't believe how much this sucks

2012-11-19 Thread Jakob Bohm
On 11/19/2012 5:19 AM, Thomas J. Hruska wrote: On 11/13/2012 11:34 AM, Sanford Staab wrote: I have been struggling with openssl for a few months now writing batch scripts on windows trying to make a .net web client with a client certificate work with 2-way ssl against an apache web server. Do

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Can you post here the certificate chain? Not the private key, only the certificates, from the root down to the end-entity. -- Erwann ABALEA - It's really not done to have given out all the voters' email addresses That's good for spammers! [there follows the complete list of voters, badly

Re: I can't believe how much this sucks

2012-11-19 Thread Richard Könning
On 19.11.2012 15:45, John Zavgren wrote: So, what is a list of easy-to-follow code examples? Here are some suggestions: 1.) read private key and a message from a file: encrypt message with private key, write encrypted buffer to (another) file. 2.) read cert and private key, read file, compute

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread lists
On 10/27/2012 06:30 PM, Michael Zintakis wrote: Maybe a bit daft of me to ask this, but is it possible to calculate a hash on a stream of bytes where the resulting hash is considered to be part of that stream? In other words, let's assume that I have a stream which is, say, 64 bytes long in

Re: add hash signature as part of the stream on which this hash is based on

2012-11-19 Thread Michael Sierchio
On Mon, Nov 19, 2012 at 9:24 AM, lists li...@rustichelli.net wrote: By its nature, a hash completely changes if just a bit of the original content is modified By design, a cryptographic hash function (on average) changes half the output bits when a single bit in the input is inverted.

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
I'm assuming this is what you want. This is the contents of my chain file: -BEGIN CERTIFICATE- MIIFlDCCA3ygAwIBAgIJAJsm0MjspJZLMA0GCSqGSIb3DQEBBQUAMDoxGDAWBgNV BAMTD2NhMy5kZWV6dGVrLmNvbTEeMBwGCSqGSIb3DQEJARYPY2EzQGRlZXp0ZWsu

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Thanks. The first certificate is your root CA, the second one is a version 1 certificate that can't be used as a CA (it would be insecure to allow it). If your end-user certificate is issued by this second certificate, then the error message is normal. -- Erwann ABALEA - anatomy:

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Deeztek.com Support
Maybe I got something wrong creating the intermediate CA which is supposed to be the 2nd certificate. This is what I did to create the intermediate CA. Maybe I missed something? Generated Intermediate CA key: openssl genrsa -out ia.key 4096 Generated Intermediate CA Certificate Request:

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Erwann Abalea
Answers inline. -- Erwann ABALEA - A forum can meet several needs at once. Here, the group of beginners outnumbers the group of middle-class users, which inevitably causes tensions. -+- EF - Guide du Neuneu d'Usenet - La lutte des middle classes -+- Le

Re: [openssl-users] Re: Question about exporting user certificate files to .pfx

2012-11-19 Thread Dr. Stephen Henson
On Mon, Nov 19, 2012, Erwann Abalea wrote: You should get better CA scripts, or build your own set after reading your openssl.cnf file and other associated documentation. man req man x509 man ca man x509v3_config When I need a junk CA, I personally use openssl req to create the root,