Jeremy Bratton schrieb:
> I'm currently working on a client/server order system that uses SSL
> with client and server certificates. I'm using OpenSSL via Ruby.
> Everything has been working well, but we need to add a new trading
> partner to the system and they required us to get a different
> cer
Ian jonhson schrieb:
> Oh... Are there any example codes for doing this job with openssl API?
Did you actually read my former mail? You replied to it with
> The book is very necessary for me.
Look that mail up in your archive, it contains URLs to an example in C.
--ck
___
Ian jonhson schrieb:
>
> Did you successfully create second delegated proxy? How to create?
> Are there something wrong with my commands?
I never used the command-line tools. I did all my work with OpenSSL's C API.
Sorry I can't help.
--ck
___
Fadil Sutomo schrieb:
> OK. Now I have a question about OpenSSL. Is there anyone of you know
> whether OpenSSL supports X509 LogoType Extension? As I am trying to put
> a logo into the certificates.
>From a quick glance at RFC3709, the LogoType extension looks to me like a
>normal
X.509 extension
Ian jonhson schrieb:
> Hi,
>
> As we know, a user owned certificate can delegate his proxy to finish
> hit grid task. If the applications with user's proxy run in a node
> need to access remote data node, it have to create next level proxy by
> its current proxy.
>
> How to create next proxy? If
Bruce Stephens schrieb:
> X509_get_ext_count(), X509_get_ext(), and the usual stack macros
> STACK_OF(X509_EXTENSION), sk_X509_EXTENSION_push() and so on, I guess.
>
That does the trick. However, I'm stumped at how to convert an extension
value back to a string. I call
obj = X509_EXTENSION_get_
Hi,
how can I extract all extensions from a certificate into a
STACK_OF(X509_EXTENSION)? For certificate requests, there is
X509_REQ_get_extensions that returns this stack, but how is that done
with an actual certificate?
Regards,
--ck
Goetz Babin-Ebell schrieb:
>
>> The key is somehow wrong, but how? And why?
> It contains only the public part of the key.
>
> The private part seems to get lost in between...
You are so right. In the course of my copy&paste work of art, I
reassigned pkey with... guess what? The certificate's publ
Hello,
I have isolated the problem to the private key that seems to be
incorrectly generated. When I take my self-created certificate and my
self-created RSA key and try to convert them to PKCS#12, the following
error occurs:
[EMAIL PROTECTED] kunz]$ openssl pkcs12 -export -in testcert.pem -inkey
Dr. Stephen Henson schrieb:
> Hmmm that error shouldn't be encountered when you load a certificate. It
> suggests that you have an RSA private key but that it is in an invalid format.
>
I forgot to mention that openssl x509 -text -noout -in mycertchain.pem
does produce valid output, and seems to
Hi,
I am using the examples from the O'Reilly book "Network Security with
OpenSSL" (X.509 section) to create a CSR, push a custom extension into
it and sign that CSR with a given private key. This - in general - works
OK, but when I want to use the resulting certificate chain (I have the
signing c
hi list,
on our little linux playground box (Debian, Kernel 2.2.15), openSSL
locks up the machine while doing
- SNIP -
gcc -I.. -I../../include -DTHREADS -D_REENTRANT -DL_ENDIAN -DTERMIO -O3
-fomit-frame-pointer -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -
c -o md2_one.o md2_one.c
- SNAP -
i
12 matches
Mail list logo