Re: Certificate renewal

2009-07-30 Thread Arsen Hayrapetyan
Hi, RFC 3647 defines certificate renewal as follows: Certificate renewal means the issuance of a new certificate to the subscriber without changing the subscriber or other participant's public key or any other information in the certificate. http://www.faqs.org/rfcs/rfc3647.html (section

e-mail signing and certificate extensions

2008-10-06 Thread Arsen Hayrapetyan
Dear list, If I understand correctly, there are two X.509 v3 extensions that determine key (companion to the given certificate) suitability for e-mail signing: 1. extendedKeyUsage (EKU) 2. nsCertType In particular, 1. Setting only emailProtection in EKU or 2. Setting only email in

Constraints on the length of certificate subject DN

2007-07-26 Thread Arsen Hayrapetyan
Hello, Does OpenSSL put length constraints on the length of subject DN of X.509 certificate? If not, what is the maximum length of the subject DN string? Thanks in advance, Arsen.

Re: CRL extension and CRL entry extension

2007-06-19 Thread Arsen Hayrapetyan
Hello there, Does anybody know the answer to this question? It is the first time my e-mail hasn't been answered on this mailing list, I always get very clear and detailed answers here... :( Arsen. Arsen Hayrapetyan wrote: Hello, I am using the latest version of OpenSSL (0.9.8e) and want

CRL extension and CRL entry extension

2007-06-13 Thread Arsen Hayrapetyan
Hello, I am using the latest version of OpenSSL (0.9.8e) and want to make the CRL v2 (using openssl ca -gencrl) with the CRL extension 'CRL Number' and CRL entry extension 'Reason Code'. What shall I add to my openssl.cnf [ crl_ext ] ? Thanks in advance, Arsen.

Modifying the request subject DN while signing it

2007-04-23 Thread Arsen Hayrapetyan
Hello, The user created a PKCS#10 request using 'openssl req -subj...' and specified some subject distinguished name (DN), say '/C=AM/O=Org/OU=Dep/DN=ABC'. When the certification authority signs this request (for example, with command 'openssl ca...'), can it modify the DN, say, set it to

Re: How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread Arsen Hayrapetyan
Hi, I would suggest using CSP - a perl wrapper for OpenSSL - to set up your CA: http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026a=3290 You can download the source using CVS (see http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1025). CSP is quite easy to use, at least, to get started. Here is the

RSA encryption and decryption question

2005-12-24 Thread Arsen Hayrapetyan
Hello, I have the following question: unsigned char *plaintext = "Test message"; unsigned char * ciphertext=NULL; RSA *rsa =...; /*here I have an RSA key */ RSA_public_encrypt(strlen(plaintext), plaintext, ciphertext, rsa, RSA_PKCS1_OAEP_PADDING ); What will be the length of ciphertext? When

Re: RSA encryption and decryption question

2005-12-24 Thread Arsen Hayrapetyan
jimmy wrote: Arsen Hayrapetyan wrote: Hello, I have the following question: unsigned char *plaintext = "Test message"; unsigned char * ciphertext=NULL; RSA *rsa =...; /*here I have an RSA key */ RSA_public_encrypt(strlen(plaintext), plaintext, ciphertext, rsa, RSA_PKCS1_OAEP_PADDING

Re: Renewing a CA root certificate

2005-11-25 Thread Arsen Hayrapetyan
Hi Greg and Jason, Greg Vickers wrote: Hi all, Jason Haar wrote: Greg Vickers wrote: Thanks again - we will do a re-key. Would I use the CA.pl script and snip I really hope someone who knows more than Greg and I can give an authoritative answer to this question. I'd LOVE to know how

Re: Renewing a CA root certificate

2005-11-24 Thread Arsen Hayrapetyan
Hi Greg, Greg Vickers wrote: Argh, hit the send button before I had finished *blush* Greg Vickers wrote: Hi all, I am in the process of renewing a root CA certificate (which is expiring soon.) I should be able to use the original certificate signing request to issue a new certificate

Problem with OIDs during CA root certificate renewal

2005-08-23 Thread Arsen Hayrapetyan
Hello, I have a problem with OIDs during CA root certificate renewal. I am using openssl 0.9.6b. I've performed the following steps: 1) Converting existing certificate to CSR: openssl x509 -x509toreq -in old_cert.pem -signkey PrivKey.pem -out careq.csr 2) Signing the request with existing private

Re: strange error when trying to sign CSR

2005-08-17 Thread Arsen Hayrapetyan
Gerd Schering wrote: Hi, when trying to sign a CSR I get the following error: Check that the request matches the signature Signature ok The Subject's Distinguished Name is as follows commonName:ASN.1 12:'xxx' organizationName :ASN.1 12:'xxx' organizationalUnitName:ASN.1

CSR verification

2005-08-08 Thread Arsen Hayrapetyan
Hello all, I have a question that comes from a real-life situation. Suppose you have a CA that signed a CSR and produced a certificate for some user. After some time the CA revokes that certificate. Then that user sends to a CA a new CSR. The policy of the CA does not permit it to sign a CSR

Re: CSR verification

2005-08-08 Thread Arsen Hayrapetyan
Thank you Richard for a quick response, Richard Levitte wrote: Arsen Hayrapetyan writes: Hello all, I have a question that comes from a real-life situation. Suppose you have a CA that signed a CSR and produced a certificate for some user. After some time the CA revokes that certificate

Re: How to get extension names from certificate?

2005-07-22 Thread Arsen Hayrapetyan
Thank you for response, The function OBJ_obj2txt () expects the buffer length as a second argument. Is it possible to determine the length of an extension from given certificate to pass it to that function? Arsen. Dr. Stephen Henson wrote: On Fri, Jul 22, 2005, Arsen Hayrapetyan wrote

Re: Matching Subject and Issuer Names

2005-07-06 Thread Arsen Hayrapetyan
Dr. Stephen Henson wrote: On Sat, Jul 02, 2005, Dr. Stephen Henson wrote: On Sat, Jul 02, 2005, Arsen Hayrapetyan wrote: Hello, I have the following question: Suppose you have CA certificate /cacert.pem/ with the following subjectName: */C=xx/O=aa/O=bb/CN=uu

Extracting public key from certificate

2005-07-06 Thread Arsen Hayrapetyan
Hello, I have the public key certificate in cert.pem and I want to extract the public key and store it in file pubkey.pem. I did it with the following command: (openssl v.0.9.7a) openssl x509 -in cert.pem -pubkey -noout > pubkey.pem However the following command did the strange things:

Matching Subject and Issuer Names

2005-07-02 Thread Arsen Hayrapetyan
Hello, I have the following question: Suppose you have CA certificate cacert.pem with the following subjectName: /C=xx/O=aa/O=bb/CN=uu Also you have the following in your openssl.cnf file (is used when CA signs CSRs): [ ca ] default_ca = CA_default [ CA_default ] ... preserve = no # or