-vm5.tubit.tu-berlin.de:636
everything works smoothly - no errors.
Any help will be apreciated,
Gerd
P.S: I add the complete exerpt from the ldap log a attachment.
--
--
-- Gerd Schering, Email: scher...@tubit.tu-berlin.de
Lutz Jaenicke wrote:
Gerd Schering wrote:
Hello,
we purchased a hrng for the generation of RSA keys for instance.
It is an USB device an shows up as /dev/qrandom.
So, in order to generate rsa keys, is it sufficient to use it as a
replacement for /dev/urandom and to call genrsa as
openssl
shure about the role of /dev/urandom: does it deliver a
(pseudo) random number or the salt for the PRNG?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED]
--
smime.p7s
Description: S/MIME
sions Test-Server-CA_extensions -notext \
-out /home/tc/new-cert.pem -batch
Any hint?
I'm using OpenSSL 0.9.8 05 Jul 2005, is this to old?
Gerd
--
------
-- Gerd Schering, Email: [
Hi,
in the template config file that came with 0.9.8, I found that
subjectAltName=email:copy
subjectAltName=email:move
are both possible, but what is the difference?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED
Hallo,
could someone tell me how can I se if a CSR contains utf8 strings in the
DN ?
openssl req -in csr -noout -text -nameopt show_type
has not the desired effect.
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED
Richard Levitte wrote:
Gerd Schering writes:
Sorry for this question, of course we have rfc2459.
*ahem* 3280
Cheers,
Richard
Yes, yes you're so right!
--
--
-- Gerd Schering, Email: [EMAIL PROT
leString.
Gerd
--
------
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentraleinrichtung Rechenzentrum --
-- Sekr. E-N 50, Einsteinufer 17, 10587 Berlin --
-- phone: +49 30 314 24383, fax: +
Gerd Schering wrote:
B.t.w. is there an rfc or something else where the allowed string types
are defined?
Sorry for this question, of course we have rfc2459.
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin
else where the allowed string types
are defined?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentraleinrichtung Rechenzentrum --
-- Sekr. E-N 50, Einsteinufer 17, 10587 Berlin --
-- phone: +49 30 314 24383
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptographic Signature
tely the same.
I'm using OpenSSL 0.9.8-dev XX xxx .
Is this a version issue?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentraleinrichtung Rechenzentrum --
-- Sekr. E-N 50, Einsteinufer 17,
Hi,
does anyone know about Peter Gutmann's cryptlib and how it compares to
openssl?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptogr
.
But when the included cert is expired I get an error and nothing is output.
How can I retrieve the message content and the expired cert?
Thanks,
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Fri, 24 Sep 2004 11:29:23 +0200, Gerd Schering <[EMAIL
PROTECTED]> said:
Schering> is it possible to use domain name components - as in ldap -
Schering> for the certificate dn, i.e. something like
Schering>
Hi,
is it possible to use domain name components - as in ldap - for the certificate
dn, i.e. something like dc=mycompany,dc=com instead of the C=US,... staff?
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED
es part of the base64-encoded data, or get
the data encoded first?
Thanks,
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptographic Signature
Rich Salz wrote:
Gerd Schering wrote:
Hi,
It is possible (via the ca utility) to revoke certificates that
already have expired.
Hard to say. The ITU X.509 standard says that if a certificate is
revoked, it stays on the CRL for one CRL past its expiration date. In
other words, if the order
Richard Levitte - VMS Whacker wrote:
In message <[EMAIL PROTECTED]> on Fri, 28 Nov 2003 11:02:56 +0100, Gerd Schering <[EMAIL PROTECTED]> said:
Schering> when I try to update the database via
Schering>
Schering> openssl ca -config $Config -updatedb
Schering>
Schering>
Hi,
sorry for the signature of the prceeding post.
I thaught, I told my email client explicitly not to do so, but maybe it
ignored the directive or it was my fault.
Sorry,
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED
name index:(2,223,364)
It is clear, there is some sort of index clash, but what is the meaning
of "(2,223,364)", especially of the last two numbers?
Thanks, Gerd
--
------
-- Gerd Schering, Email: [
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptographic Signature
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[
its or where to look for?
Thanks,
Gerd
--
------
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
__
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
s auch beantwortet und ich hab
es übersehen?
Gruß,
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentraleinrichtung Rechenzentrum --
-- Sekr. E-N 50, Einsteinufer 17, 10587 Berlin
Thanks!
Erwann ABALEA wrote:
On Wed, 20 Nov 2002, Gerd Schering wrote:
I have the following CA/cert hierachy:
rootca -> serverca -> servercert
when I look at the authorityKeyIdentifier in the servercert I see:
keyid: O.K.
serial: O.K.
but DirName is NOT the DirName of the serverca b
g on?
Gerd
--
------
-- Gerd Schering, Email: [EMAIL PROTECTED] -
--
__
OpenSSL Project http://www.openssl.org
User Support M
Lutz Jaenicke wrote:
On Fri, Oct 18, 2002 at 02:23:29PM +0200, Gerd Schering wrote:
[..]
2. When RANDFILE is pointing to a plain file, I notice that after each
use, data is written back and the file gets larger and larger.
I understand, that it is necessary to save a new seed for the PRNG
for seeding, when generating
for instance a 2048 bit RSA key?
Best regards,
Gerd Schering
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptographic
?
Thanks, Gerd
--
------
-- Gerd Schering, Email: [EMAIL PROTECTED] --
--
smime.p7s
Description: S/MIME Cryptographic Signature
anyone know where I can get the
> libcrypto.so.2. ???
>
> I am using Linux Mandrake 8.1
>
libcrypto.so.x is included in the libopenssl0-0.9.6c-2mdk rpm-package.
Gerd
--
--
-- Gerd Sch
aphic operations are really
always performed by the board? (sounds somewhat silly, I know)
Gerd
--
--
-- Gerd Schering, Email: [EMAIL PROTECTED] --
-- TU Berlin, Zentraleinrichtung Rechenzentrum --
-- Sekr. E-N 50, Einst
_DLFCN_H
-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -DSHA1_ASM
-DMD5_ASM -DRMD160_ASM
[...]
--
------
-
--
-- Gerd Schering
-- Email: [EMAIL PROTECTED]
--
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
address below. The address
in the header might be misleading or not available!
--
-- Gerd Schering
-- Email: [EMAIL PROTECTED
,
which is not present in its DER encoding, for instance:
..
1.0.8571.2:
.^[EMAIL PROTECTED]
The encoding in the config file was:
1.0.8571.2=DER:16:0D:74:65:73:74:31:40:72:73:61:2E:63:6F:6D
Maybe caused by emacs?
Any hint, or simply ignore?
Thanks,
Gerd
Gerd Schering wrote:
>
>
Sorry for that email.
I think I found the list in openssl.txt.
Gerd
Gerd Schering wrote:
>
> Hi,
>
> does a list of currently supported X.509v3 extension
> by OpenSSL exist?
> It seems to me, that the information is scattered about
> various
Hi,
does a list of currently supported X.509v3 extension
by OpenSSL exist?
It seems to me, that the information is scattered about
various documents.
Gerd
--
-- Gerd Schering
-- Email: [EMAIL PROTECTED
On Tue, 08 Aug 2000, you wrote:
I dont know about 0.9.4 but under 0.9.5a you can do a make linux-shared to get
the shared library stuff. But you still have to put the *so* files somewhere in
your library path and do a ldconfig or whateverver is appropriate for your
system.
Gerd
> Hi,
> A
Hi,
are there tools that come with OpenSSL, suitable to achieve a rudimentary form
of key and certificate management?
What I mean is this:
-how can I ensure that a special key does not get certified twice or for
another purpose?
-how/where have certs and eventually keys t
Hi,
we use netscape certificate server (ncs) for S/Mime certs.
Unfortunately our ncs restricts the length of the root key to 1024 bits.
Is is possible to import an openssl-generated key + cert into ncs?
Gerd
--
-- Gerd Schering
-- Email
On Mon, 17 Jul 2000, you wrote:
> How can I get shared dynamic libraries (e.g. .so files) of libssl and
> libcrypto? I've tried "./Configure linux-elf" and that does not give
> me any more than the 2 .a files.
>
do a "make linux-shared".
This builds the libs in the source tree. You have to copy
When compiling opensll on a linux-redhat-6.0 system I get a library
"libRSAglue.a". I cant figure out what it does.
BTW when compiling openssl under mandrake-7.0 (=redhat-6.1) I do not get this
lib.
Even more strange:
under redhat-6.0 - when generating a rsa key for instance - openssl never stops
On Wed, 12 Jul 2000, you wrote:
EVRANDOM" that is set in e_os.h.
>
> Did you specify RANDFILE /dev/urandom?
>
> Best regards,
As environment variable or in openssl.cnf you mean?
No I didnt.
Ciao
Gerd
__
OpenSSL Project
On Wed, 12 Jul 2000, you wrote:
>
> Did you specify "-rand /dev/urandom" on the command line?
> You MUST NOT do that. If you have /dev/urandom, the OpenSSL library and
> applications will silently query it for you.
> If you specify it on the command line, the "-rand" option tries to use
> the who
Excuse me,
for mailing this question once again, but now I know a little bit more:
I´ve compiled openssl-0.9.5a with shared libs under linux (make linux-shared).
After installing the shared libs I ran "make test".
Most of the tests just seem to be o.k., but when it comes to the generation of
a sel
Hi,
I´ve compiled openssl-0.9.5a with shared libs under linux (make linux-shared).
After installing the shared libs I ran "make test".
Most of the tests just seem to be o.k., but when it comes to the generation of
a self signed cert from a certificate request generated by the test
suite, i.e.:
"
48 matches
Mail list logo