Re: Verifying self-signed certificate

2013-11-15 Thread Manoj
Hi, Can you post the complete command to generate the self signed certificate, the case where the verification worked for you? Thanks

connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Matthias Apitz
Hello, We have application servers, written in C, which can be configured to do SSL or not. In any case they send out a goodmorning message, ciphered with SSL or in clear text if they run configured in clear text. What would be the best method for a C-written client to figure out if the server

How CBC based ciphers can be disabled from openssl

2013-11-15 Thread Alok Sharma
Hi, I am using 0.9.8.s openssl and due to some limitation I can't upgrade to latest versions to tackle CVE-201300169. So is there any easy process to disable CBC based ciphers? Also is there a way to know which ciphers client and servers are using? Regards, Alok

Re: Verifying self-signed certificate

2013-11-15 Thread Martin Hecht
Hi Manoj, if you want to generate just one selfsigned certificate, this would be the easiest:
# generate key and self signed cert with one command
openssl req -x509 -nodes -days 3650 \
  -subj '/C=DE/ST=some-state/L=somewhere/CN=example.com' \
  -newkey rsa:1024 -keyout key.pem -out cert.pem
#

Re: How do RAs fit in with the use of CAs?

2013-11-15 Thread Martin Hecht
Hi Ted, I think there are two different approaches to your question: One is with a single CA which will sign all certificates. Some CA software packages include mechanisms to automatically sign certificate requests coming in (that would be on the main CA). The RA's are web-applications where

Error 18: self signed certificate

2013-11-15 Thread Manoj
Hi, I am trying to create a client/server application on Windows 7, where I have used a self signed certificate at server side as well as at client side. I used SSL_CTX_use_certificate_file and then SSL_CTX_use_PrivateKey_file API to load the certificate and key. When there is an SSL_connect() call

Re: Error 18: self signed certificate

2013-11-15 Thread Martin Hecht
Hi Manoj, I don't know this API, but I believe it complains about the fact that the certificate is self-signed. Maybe there are some means to add the certificate to trusted certificates, maybe it is sufficient to copy it somewhere, where your openssl looks for trusted certificates (in Linux it

Re: Error 18: self signed certificate

2013-11-15 Thread Walter H.
Windows has its own system-wide certificate store; look at certmgr.msc. Keep in mind that some applications have their own store, e.g. Mozilla Thunderbird, Mozilla Firefox, and some others can use this system-wide certificate store, e.g. Adobe Reader/Pro/Std. Walter On 15.11.2013 09:57, Manoj

RE: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Watson, Patrick
Traditionally, there are 2 methods that immediately come to mind. One way is to have the SSL version of the server listen on a different port than the plain text version. Alternatively, your protocol could include a STARTTLS like command that indicates that the system wants to communicate

RE: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Salz, Rich
The common practice is for clients to connect in the clear, then issue a command to turn on TLS, such as the SMTP STARTTLS command. -- Principal Security Engineer Akamai Technology Cambridge, MA

Re: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Matthias Apitz
On Friday, November 15, 2013 at 12:58:40PM -0500, Watson, Patrick wrote: Traditionally, there are 2 methods that immediately come to mind. One way is to have the SSL version of the server listen on a different port than the plain text version. Alternatively, your protocol could

RE: connecting to (openssl-) server in SSL or clear text

2013-11-15 Thread Salz, Rich
I was thinking more in a solution where the client reads the first 8 bytes from the socket and checks if the beginning of the GoodMorning message is there in clear text (like 220 SLNP) and if not it should hand over this buffer and the socket fd for further SSL handshake... Is this