Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Walter H.
Hello, try this for generating the TSA-reply openssl ts -reply -config openssl.cnf -section tsa_timestamp -queryfile TSA-query -inkey ts.key -signer ts.crt -out TSA-reply where ts.crt and ts.key are the timestamping certificate and private key (without passphrase) and TSA-query is the

Re: possible Bug in OpenSSL - rfc 3161 - TSA service

2013-03-11 Thread Walter H.
Do you think OpenSSL is a game? On 11.03.2013 22:02, kap...@mizera.cz wrote: Thank you, but this thread is about TS from real Certification Authority and problem with attribute certificates. --kapetr Dne 11.3.2013 21:16, Walter H. napsal(a): Hello, try this for generating the TSA-reply

Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Hello, I have the following: --- name = ASN1:SEQUENCE:section [ section ] value.1 = XXX:text --- what is possible to have instead of XXX? Thanks, Walter

Re: [openssl-users] Syntax in extension section of openssl.cnf

2013-02-28 Thread Walter H.
Thanks, Walter On 28.02.2013 12:03, Erwann Abalea wrote: man asn1parse man ASN1_generate_nconf That should give you some bootstrap information. -- Erwann ABALEA - tridécatabulophobie: peur d'être treize à table Le 28/02/2013 11:16, Walter H. a écrit : Hello, I have the following

Re: x509 certificate conforming to RFC 3739

2013-02-17 Thread Walter H.
On 15.02.2013 07:42, Walter H. wrote: On Fri, February 15, 2013 07:07, Matthew Hall wrote: On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: Hello, can someone, please tell me, how to generate a certificate that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) Thanks

x509 certificate conforming to RFC 3739

2013-02-14 Thread Walter H.
Hello, can someone, please tell me, how to generate a certificate that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) Thanks, Walter

Re: x509 certificate conforming to RFC 3739

2013-02-14 Thread Walter H.
On Fri, February 15, 2013 07:07, Matthew Hall wrote: On Fri, Feb 15, 2013 at 07:03:20AM +0100, Walter H. wrote: Hello, can someone, please tell me, how to generate a certificate that conforms to http://www.ietf.org/rfc/rfc3739.txt (RFC 3739) Thanks, Walter Hi Walter, We could help

id-pda-dateOfBirth in Subject?

2013-02-08 Thread Walter H.
Hello, can someone please tell me the correct syntax and/or give me an example of using NID id-pda-dateOfBirth when requesting a certificate by calling openssl req -config openssl.cnf -new -key cert.key -subj /.../id-pda-dateOfBirth=? -out cert.csr must there be something special in the

Re: Problems creating valid signing certificats

2013-02-06 Thread Walter H.
On Wed, February 6, 2013 23:47, Thomas Koeller wrote: bash-4.0$ openssl verify -x509_strict -CAfile cacert/root_ca.pem -purpose sslserver cacert/host_ca.pem cacert/host_ca.pem: C = DE, ST = Hamburg, O = K\C3\B6ller Family, OU = K\C3\B6ller Family Certification Authority, CN = K\C3\B6ller

Re: overflow when calling X509_gmtime_adj() on 32-bit systems

2013-02-03 Thread Walter H.
Hi On 02.02.2013 23:55, Alexander Hollerith wrote: The php openssl library implements a function named openssl_csr_sign() and inside that function one can find the following line: X509_gmtime_adj(X509_get_notAfter(new_cert), (long)60*60*24*num_days); This obviously provokes an

Re: OpenSSl / SMIME and header : Disposition-Notification-To

2013-01-15 Thread Walter H.
My config is : OS : centos 6 OpenSSL : openssl-1.0.0-20.el6_2.5.x86_64 My commands are : oppenssl smime -sign -in myfile -signer mycertif.pem -inkey mykey.pem | openssl smime -out signedfile -from m...@me.me -to t...@to.to -subject mysubject -encrypt -des3 myencryption.pem sendmail

openssl RPM package

2013-01-08 Thread Walter H.
Hello, is there an openssl RPM package with version 0.9.8 or better for CentOS 4.x? (upgrade to CentOS 5.x or 6.x is impossible) Thanks, Walter

Using OpenSSL in a makefile?

2012-12-31 Thread Walter H.
Hello, why does the following makefile not succeed? all: pckdCRL.zip .SUFFIXES: .SUFFIXES: .text .pem .crl .pem.crl: openssl crl -in $< -outform der -out $@ .pem.text: openssl crl -noout -text -in $< >$@ pckdCRL.zip: rootCRL.pem rootCRL.crl rootCRL.text zip -9 -j pckdCRL.zip

Re: Feedback Please: New OpenSSL PKI Tutorial

2012-12-20 Thread Walter H.
Hallo, https://pki-tutorial.readthedocs.org/en/latest/cadb.html - Serial number files ... what is the CRL number file? where can I configure this? Thanks, Walter On Mon, December 17, 2012 15:23, Stefan H. Holek wrote: Hi All! I have been working on an OpenSSL PKI tutorial, and the time has

Re: OpenSSL OCSP Responder used in a CGI Skript - I found the bug

2012-12-14 Thread Walter H.
Dr. Stephen Henson wrote: On Wed, Dec 12, 2012, Walter H. wrote: Hello, when using openssl ocsp ... in a CGI skript, you must use -noverify because without, this creates the line Response verify OK neither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null, let this line disappear so this shoots

Re: OpenSSL OCSP Responder used in a CGI Skript - I found the bug

2012-12-14 Thread Walter H.
Salz, Rich wrote: neither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null, let this line disappear Redirections happen left-to-right. So do this: >/dev/null 2>&1 left-to-right? outer-to-inner, I understand; Or the simpler 2>/dev/nul ok Thanks, Walter

OpenSSL OCSP Responder used in a CGI Skript - I found the bug

2012-12-12 Thread Walter H.
Hello, when using openssl ocsp ... in a CGI skript, you must use -noverify because without, this creates the line Response verify OK neither >/dev/null nor 2>&1 >file nor 2>&1 >/dev/null, let this line disappear so this shoots either a 500 page or an invalid OCSP response is sent, which results

OpenSSL OCSP Responder used in a CGI Skript

2012-12-11 Thread Walter H.
Hello, I have created a self signed root CA certificate, and two other CA certificate, that I signed with this self signed root certificate; and these SubCA certificates are used for signing requests; with the root CA I signed also a certificate, with the purpose of signing OCSP Responder;
