Re: [openssl-users] TLS handshake certificate validation options

2018-07-17 Thread Thulasi Goriparthi
on (or all the x509v3 extensions) during TLS > handshake, without disabling the certificate validation all together? > > Thanks for any suggestions.

[openssl-users] TLS handshake certificate validation options

2018-07-16 Thread Tong
handshake, without disabling the certificate validation all together? Thanks for any suggestions.

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-08 Thread Mitra, Rituparna (STSD)
e leaning towards app1. Regards, Rituparna Mitra -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Friday, August 08, 2014 6:28 AM To: openssl-users@openssl.org Subject: RE: Query on X509 certificate valida

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-08 Thread Mitra, Rituparna (STSD)
Of Viktor Dukhovni Sent: Monday, August 04, 2014 8:51 PM To: openssl-users@openssl.org Subject: Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > 1. app1: sends a CGI POST request

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-07 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Viktor Dukhovni > Sent: Monday, August 04, 2014 11:21 > On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > > > 1. app1: sends a CGI POST request to app2 - the POST request has the > UN (username). > > > > 2.

Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Viktor Dukhovni
On Mon, Aug 04, 2014 at 03:21:23PM +, Viktor Dukhovni wrote: > On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > > > 1. app1: sends a CGI POST request to app2 - the POST request has the > > UN (username). > > > > 2. app2: does a CGI GET to receive the UN

Re: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Viktor Dukhovni
On Mon, Aug 04, 2014 at 05:43:47AM +, Mitra, Rituparna (STSD) wrote: > 1. app1: sends a CGI POST request to app2 - the POST request has the UN > (username). > > 2. app2: does a CGI GET to receive the UN within app1's POST request. > > 3. app2: has app1's x509 certificate a

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-04 Thread Salz, Rich
Start by isolating the steps. The username is in the formdata? Can you run the openssl command-line program, for example, to encrypt the username you get? -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-03 Thread Mitra, Rituparna (STSD)
ssl-users@openssl.org Subject: RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal You have to look at the character string type of the DN. For example, in printableString the exclamation point is an illegal character. -- Principal Security Engineer Akamai Techn

RE: Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-01 Thread Salz, Rich
You have to look at the character string type of the DN. For example, in printableString the exclamation point is an illegal character. -- Principal Security Engineer Akamai Technologies, Cambridge MA IM: rs...@jabber.me Twitter: RichSalz

Query on X509 certificate validation- EVP_VerifyUpdate & EVP_VerifyFinal

2014-08-01 Thread Mitra, Rituparna (STSD)
Hi, I am using “openssl-1.0.1h” to do X509 certificate validation for accessing from app1 to app2 (these are 2 separate applications). - In app2, I have uploaded the X509 certificate generated by app1 and I am using the following code segment in app2 to verify the certificate (when

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-30 Thread Jeffrey Walton
>> >>>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote: >>>>> >>>>> >>>>> Hi everyone, >>>>> >>>>> iSEC Partners just released a paper that provides detailed guidelines >>>>> and sample code on how to

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-30 Thread Jakob Bohm
code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this reference material could be useful to people on this mailing list. ] Supporting wildcard

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-30 Thread Alban D.
match). > > Jeff > >> On 27/10/2012 21:00, Jeffrey Walton wrote: >> >>> On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote: >>>> >>>> Hi everyone, >>>> >>>> iSEC Partners just released a paper that provides detailed guidel

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
21:00, Jeffrey Walton wrote: > >> On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote: >>> >>> Hi everyone, >>> >>> iSEC Partners just released a paper that provides detailed guidelines >>> and sample code on how to properly do certificate validati

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
> >>> iSEC Partners just released a paper that provides detailed guidelines >>> and sample code on how to properly do certificate validation with >>> OpenSSL: >>> >>> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.htm

Re: [openssl-users] Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Erwann Abalea
help. -- Erwann ABALEA On 27/10/2012 17:00, Alban D. wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-br

Re: [openssl-users] Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Erwann Abalea
ban D. wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I th

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jeffrey Walton
uidelines >>> and sample code on how to properly do certificate validation with >>> OpenSSL: >>> >>> http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html >>> >>> It is not trivial and so I thought t

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Jakob Bohm
On 10/27/2012 10:58 PM, Jeffrey Walton wrote: On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-29 Thread Michel
Thanks, Also it can be useful to go back to the book 'Network Security with OpenSSL', pages 128 to 138. Michel. On 27/10/2012 17:00, Alban D. wrote: Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do c

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Jeffrey Walton
On Sat, Oct 27, 2012 at 11:00 AM, Alban D. wrote: > Hi everyone, > > iSEC Partners just released a paper that provides detailed guidelines > and sample code on how to properly do certificate validation with > OpenSSL: > http://www.isecpartners.com/blog/2012/10/14/the-lurking-me

Re: Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Peter Sylvester
The way how common names are verified in The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software is not correct. It gives a false match when there is more than one common name ava

Reference material on how to do certificate validation with OpenSSL

2012-10-27 Thread Alban D.
Hi everyone, iSEC Partners just released a paper that provides detailed guidelines and sample code on how to properly do certificate validation with OpenSSL: http://www.isecpartners.com/blog/2012/10/14/the-lurking-menace-of-broken-tls-validation.html It is not trivial and so I thought this

Re: [openssl-users] Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-26 Thread Erwann Abalea
On 25/09/2012 18:45, Jakob Bohm wrote: On 9/25/2012 6:12 PM, Erwann Abalea wrote: On 25/09/2012 14:16, Jakob Bohm wrote: > On 9/25/2012 11:11 AM, Erwann Abalea wrote: [...] Any signature algorithm works by dividing the universe of N bit strings into those that are valid signatures for the

Re: [openssl-users] Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-25 Thread Jakob Bohm
te doesn't have any authorityKeyIdentifier extension, and OpenSSL correctly tests each possible certificate, filtered by their subject name, until the validation is OK. I assume the Thawte certificate you mention is not the same as the VeriSign certificate (they have been the same comp

Re: [openssl-users] Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-25 Thread Erwann Abalea
The Thawte CA certificate doesn't have any authorityKeyIdentifier extension, and OpenSSL correctly tests each possible certificate, filtered by their subject name, until the validation is OK. > 3. Setting up the CA to have keys for more than one algorithm (such > as RSA 1024 with

Re: [openssl-users] Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-25 Thread Jakob Bohm
mediary certificates (unlike Windows, which has separate stores for those two categories). > 3. Setting up the CA to have keys for more than one algorithm (such > as RSA 1024 with SHA1 and RSA 4096 with SHA256). In this case, the > certificate validation could SHOULD (but might not) match

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-25 Thread Klaus Darilion
-openssl-us...@openssl.org] *On Behalf Of *Charles Mills *Sent:* Thursday, September 13, 2012 9:42 AM *To:* openssl-users@openssl.org *Subject:* RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile Would it make sense to delete the expired certificate from the Windows

Re: [openssl-users] Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-25 Thread Erwann Abalea
09. Manual update of the trust anchor is still necessary if you want the validation to pass the expiration date of the old CA cert. 3. Setting up the CA to have keys for more than one algorithm (such as RSA 1024 with SHA1 and RSA 4096 with SHA256). In this case, the certificate validation coul

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
e and uses an underdocumented BouncyCastle store > format thus preventing the efficient deployment of the new A cert. > > 3. Setting up the CA to have keys for more than one algorithm (such > as RSA 1024 with SHA1 and RSA 4096 with SHA256). In this case, the > certificate validatio

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Jakob Bohm
have keys for more than one algorithm (such as RSA 1024 with SHA1 and RSA 4096 with SHA256). In this case, the certificate validation could SHOULD (but might not) match issued end entity certificates to the trust anchor by also comparing signatureAlgorithm in the issued certifica

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
Only the private and public keys are different.. Rest of the fields are same.. Basically I am simulating the trust anchor update related scenarios.. And yes Jacob, thanks for indicating, I'll make sure I don't use such abbreviations from here on.. Ashok On Sep 24, 2012 11:25 PM, "Jakob Bohm" wrot

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Jakob Bohm
Hi, In your test case which fields actually differ between the old root CA certificate and the new root CA certificate? P.S. Please do not use those 3 letter abbreviations of certificate field names, very few people know those abbreviations. For the benefit of other readers: I think Ashok was

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Ashok C
Hi, One more observation was made here in another test case. *Configuration:* One old root CA certificate oldca.pem with subject name say, C=IN One new root CA certificate newca.pem with same subject name. One EE certificate, ee.pem issued by new root CA. *Test case 1:* Using CAFile option in ope

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-24 Thread Jakob Bohm
On 9/13/2012 3:41 PM, Charles Mills wrote: Would it make sense to delete the expired certificate from the Windows store? Duplicate expired/non expired CA certificates sounds to me like a problem waiting to happen. /Charles/ Windows has built in support for using and checking time stamping c

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-19 Thread Ashok C
-us...@openssl.org [mailto: >> owner-openssl-us...@openssl.org] *On Behalf Of *Charles Mills >> *Sent:* Thursday, September 13, 2012 9:42 AM >> *To:* openssl-users@openssl.org >> *Subject:* RE: certificate validation issues with openssl 1.0.0 and >> expired certificates i

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-14 Thread Ashok C
** > > *From:* owner-openssl-us...@openssl.org [mailto: > owner-openssl-us...@openssl.org] *On Behalf Of *Charles Mills > *Sent:* Thursday, September 13, 2012 9:42 AM > *To:* openssl-users@openssl.org > *Subject:* RE: certificate validation issues with openssl 1.0.0 and > expired

RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-13 Thread Erik Tkal
lto:owner-openssl-us...@openssl.org] On Behalf Of Charles Mills Sent: Thursday, September 13, 2012 9:42 AM To: openssl-users@openssl.org Subject: RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile Would it make sense to delete the expired certificate from the Windo

RE: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-13 Thread Charles Mills
, September 13, 2012 12:49 AM To: openssl-users@openssl.org Subject: Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile Sending again as the previous email did not appear in list. Is there some problem with the mailing list? -- Ashok On Wed, Sep 12, 2012 at

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-13 Thread Ashok C
lidate its certificate: >> >> openssl s_client -connect www.google.com:443 -CAfile dump.crt >> >> When using openssl0.9.8k or openssl0.9.8x everything works as expected. >> >> When using openssl1.0.0g or openssl 1.0.1c the certificate validation >> fails wi

Re: certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-09-12 Thread Ashok C
into a file. Then I use openssl to connect to Google and > validate its certificate: > > openssl s_client -connect www.google.com:443 -CAfile dump.crt > > When using openssl0.9.8k or openssl0.9.8x everything works as expected. > > When using openssl1.0.0g or openssl 1.0.1c the cer

certificate validation issues with openssl 1.0.0 and expired certificates in cafile

2012-07-31 Thread Klaus Darilion
works as expected. When using openssl1.0.0g or openssl 1.0.1c the certificate validation fails with: Verify return code: 10 (certificate has expired) CONNECTED(016C) depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority verify error:num=10:c

RE: Please Help: Certificate Validation using subjectAltName extension

2012-05-18 Thread Mr.Rout
= Washington organizationName = Sercomm commonName = Verisign [ req_extensions ] basicConstraints = CA:true subjectAltName = DNS:x.x.x.x,DNS:localhost Am I correct? Please help. Best Regards, S S rout -- View this message in context: http://old.nabble.com/Please-Help%

RE: Please Help: Certificate Validation using subjectAltName extension

2011-12-03 Thread Dave Thompson
on" using openssl commands. > > In the RFC-2818 , there are two ways of Certificate > Validation for Host name > 1)CN (Common Name) > 2)SN( Subject Name) 1. Common Name part of subject name which is the value of Subject. 2. Subject *Alternative* Name which is an extensi

Please Help: Certificate Validation using subjectAltName extension

2011-12-02 Thread Mr.Rout
Dear All, My TLS client can validate both CN and SN & I need to test both the scenario. I don't know how to create certificate with “subjectAltName extension” using openssl commands. In the RFC-2818, there are two ways of Certificate Validation for Host name 1) CN (Commo

Certificate validation failed

2009-04-15 Thread Vladimir Nicolici
We are currently implementing file time stamping for our invoices and we are using a time stamping service that implements RFC3161, Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP), over HTTP. Three days ago I started looking at the openssl as a

Re: Certificate validation

2009-01-20 Thread Patrick Patterson
te the > certificate through the CA (I mean establish a connection to the CA, > and let the CA do the actual validation). Can OpenSSL do this > automatically, when I call X509_verify_cert for example ? > What you are talking about is called SCVP (Server-based Certificate Validation Pro

Certificate validation

2009-01-20 Thread Gerald Iakobinyi-Pich
Hello all, I am new to OpenSSL, and now I am confronted with some problems. First would be the following: let's assume I have a certificate (X509) which has been issued by a CA. How is it possible to validate the certificate through the CA (I mean establish a connection to the CA, and let the CA d

Re: [squid-users] TR: [Bulk] Re: [squid-users] Certificate Validation problem due to Sha 256 message digest

2008-12-15 Thread Kyle Hamilton
hRSAEncryption >9d:c6:ef:97:97:4f:ae:23:4c:a2:46:12:83:aa:0a:c8:b9:4a: >... >38:42:35:1f:63:69:0b:ed:08:01:56:a7:14:aa:3f:5f > > May it help? > Raphael > > -----Original Message- > From: Henrik Nordstrom [mailto:hen...@henriknordstrom.net] >

RE: [squid-users] TR: [Bulk] Re: [squid-users] Certificate Validation problem due to Sha 256 message digest

2008-12-15 Thread Raphael
iknordstrom.net] Sent: Sunday, 14 December 2008 00:23 To: Raphael Cc: squid-us...@squid-cache.org Subject: Re: [squid-users] TR: [Bulk] Re: [squid-users] Certificate Validation problem due to Sha 256 message digest On Fri, 2008-12-12 at 14:53 +0100, Raphael wrote: > I use Openssl 0.9.8i whic

Re: Certificate validation problem

2008-10-10 Thread Gerhard Gappmeier
Thanks Dave, today I rechecked the dump of the certificates which cause the problem. The AUTHORITY_KEYID was really missing in them. They were created using some MS .Net stuff. My certificates which I create with openssl work fine. I told the guy who created the wrong certificates about the missi

RE: Certificate validation problem

2008-10-09 Thread Dave Thompson
> -Original Message- > From: [EMAIL PROTECTED] On Behalf Of Gerhard Gappmeier > Sent: Wednesday, 08 October, 2008 08:14 > I've a problem with validating self-signed certificates. > > In my use case it's possible (but unlikely) to have multiple self-signed > certificates with the same comm

Re: The rules of SSL-Certificate validation?

2008-04-22 Thread Kyle Hamilton
On Tue, Apr 22, 2008 at 12:59 AM, Lutz Jaenicke <[EMAIL PROTECTED]> wrote: > Ok, so we are facing a violation of policies at the CA. At the date of > certificate verification we are however checking whether all components > of the certificate chain are valid at this day. > Even though the overl

Re: The rules of SSL-Certificate validation?

2008-04-22 Thread Steffen DETTMER
* Lutz Jaenicke wrote on Tue, Apr 22, 2008 at 09:59 +0200: > > This rule is independent of current time. e.g. If the validity dates > > of the parent certificate is 2008/04/18~2009/04/18 and the ones of > > child certificate is 2008/06/18~2009/06/18 or 2008/03/18~2009/03/18, > > the certificate cha

Re: The rules of SSL-Certificate validation?

2008-04-22 Thread Lutz Jaenicke
Anri Lau wrote: > Hi Luzt, > > On 18/04/2008, *Lutz Jaenicke* <[EMAIL PROTECTED] > > wrote: > > Anri Lau wrote: > > Hi All, > > > > Anyone know how many rules should be performed when build TLS > > connection? > > I have some test case. The certific

Re: The rules of SSL-Certificate validation?

2008-04-18 Thread Anri Lau
Hi Luzt, On 18/04/2008, Lutz Jaenicke <[EMAIL PROTECTED]> wrote: > > Anri Lau wrote: > > Hi All, > > > > Anyone know how many rules should be performed when build TLS > > connection? > > I have some test case. The certificate time is not valid, validation > > failed. But the certificate passed if

Re: The rules of SSL-Certificate validation?

2008-04-18 Thread Lutz Jaenicke
Anri Lau wrote: > Hi All, > > Anyone know how many rules should be performed when build TLS > connection? > I have some test case. The certificate time is not valid, validation > failed. But the certificate passed if the validity dates of the child > certificate are not contained within the validi

Re: The rules of SSL-Certificate validation?

2008-04-18 Thread Anri Lau
Hi Patrick, Thank you for your kindly reply. I will do more research and test based on your advice. Actually, I want to know which rules openssl has done, which should I implement in callback function. The following are the rules implemented by openssl collected from source code. 1. We make

Re: The rules of SSL-Certificate validation?

2008-04-18 Thread Anri Lau
Hi Patrick, Thank you for your kindly reply. I will do more research and test based on your advice. Actually, I want to know which rules openssl has done, which should I implement in callback function. 1. We make sure the chain we are going to build is present and that the first entry is in place

Re: The rules of SSL-Certificate validation?

2008-04-18 Thread Patrick Patterson
Hi Anri: Anri Lau wrote: > Hi All, > > Anyone know how many rules should be performed when build TLS connection? > I have some test case. The certificate time is not valid, validation failed. > But the certificate passed if the validity dates of the child certificate > are not contained within th

The rules of SSL-Certificate validation?

2008-04-18 Thread Anri Lau
Hi All, Anyone know how many rules should be performed when build TLS connection? I have some test case. The certificate time is not valid, validation failed. But the certificate passed if the validity dates of the child certificate are not contained within the validity dates of the parent certifi

Re: Do I need to do anything special to get certificate validation to use a CDP?

2007-12-24 Thread Cong Zhang
I remember that most CDPs are HTTP URL, LDAP URL, a UNC string, etc. I did not check the standard for all supported formats, but HTTP URL is the most common. So you may use any tool that supports HTTP to retrieve them, such as wget or curl. For example, in my browser there is a CA certificate issue

Re: Do I need to do anything special to get certificate validation to use a CDP?

2007-12-24 Thread Bruce Keats
Thank you. Is there a function within the API that can do the CRL extraction from the CDP(s)? Bruce On Dec 22, 2007 4:32 AM, Cong Zhang <[EMAIL PROTECTED]> wrote: > Hi, > > AFAIK, OpenSSL has no code to retrieve the CRL from CRL distribution > points. The CRL retrieve and update should be done

Re: Do I need to do anything special to get certificate validation to use a CDP?

2007-12-22 Thread Cong Zhang
Hi, AFAIK, OpenSSL has no code to retrieve the CRL from CRL distribution points. The CRL retrieve and update should be done by yourself. However, by putting a PEM encoded CRL to CApath will make OpenSSL load this CRL correctly. To use CRL, you may retrieve and check CRL at verify_callback, or use

Do I need to do anything special to get certificate validation to use a CDP?

2007-12-20 Thread Bruce Keats
Hi, I have a TLS/SSL client I wrote using openssl and I was wondering if I have to do anything special to verify if a certificate was revoked in one of the CRLs taken from one of the CDPs? Is there special code or calls I need to make in the verify_callback() that is installed by SSL_CTX_set_ver

What happens if certificate validation fails - what s_client error codes exist?

2005-02-16 Thread Peter Asemann
I was going to write a perl script that updates my ip at dyndns.org using a secure connection, making use of openssl s_client to keep it simple (and to avoid newbie mistakes). I use the -CAfile to point to the Thawte root certificate I got from thawte.com as dyndns.org uses a Thawte-signed certific

Re: Certificate validation failure, Successful

2004-11-24 Thread Jason Haar
Richard A. Faulk Jr. wrote: I just tried setting the crl file to DER encoding and specified that files with .crl extensions are application/x-x509-crl. I am still receiving the certificate validation failure error on the Cisco concentrator. Is there anything else that I need to do? Am I

Re: Certificate validation failure, Successful

2004-11-23 Thread Richard A. Faulk Jr.
I just tried setting the crl file to DER encoding and specified that files with .crl extensions are application/x-x509-crl. I am still receiving the certificate validation failure error on the Cisco concentrator. Is there anything else that I need to do? Am I doing something wrong? Thanks

Re: Certificate validation failure, Successful

2004-11-23 Thread Dr. Stephen Henson
On Tue, Nov 23, 2004, Jason Haar wrote: > > Cisco did a real good job with their PKI support in the VPN-3000 series > - I wish I could say the same for IOS (our CA has a serial number of > "0", and IOS refuses to trust a CA with a serial <1. Strange - I always > thought 0 was an integer as re

Re: Certificate validation failure, Successful

2004-11-23 Thread Richard A. Faulk Jr.
ssage - From: "Jason Haar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, November 22, 2004 20:30 Subject: Re: Certificate validation failure, Successful We do this here. Ensure your URLs are "application/x-x509-crl", and the CRL is DER encoded and you'

Re: Certificate validation failure, Successful

2004-11-22 Thread Jason Haar
We do this here. Ensure your URLs are "application/x-x509-crl", and the CRL is DER encoded and you'll be fine. Cisco did a real good job with their PKI support in the VPN-3000 series - I wish I could say the same for IOS (our CA has a serial number of "0", and IOS refuses to trust a CA with a s

Re: Certificate validation failure, Successful

2004-11-22 Thread Dr. Stephen Henson
On Mon, Nov 22, 2004, Richard A. Faulk Jr. wrote: > I have configured a Cisco VPN 3005 concentrator to use digital certificate > authentication successfully with openssl. However, whenever I configure the > concentrator to read the CRL file via http, I receive a Certificate >

Certificate validation failure, Successful

2004-11-22 Thread Richard A. Faulk Jr.
I have configured a Cisco VPN 3005 concentrator to use digital certificate authentication successfully with openssl. However, whenever I configure the concentrator to read the CRL file via http, I receive a Certificate validation failure and the VPN client fails to connect. I am using the

Certificate validation

2002-01-09 Thread Keary Suska
I am wondering if openssl can be used in an application such that a certificate is checked locally on application startup as a license verification measure. My idea is to install a certificate, then have the application validate it during launch to verify that execution is permitted. Is this poss

Re: Client -server certificate validation

2000-12-08 Thread Lutz Jaenicke
On Fri, Dec 08, 2000 at 11:14:07AM -0500, Sudeep Sudhakaran wrote: > Hi, > > I have seen a lot of posting on client certificate validation. But no clean > answer to client authentication. I see a reply and finally the poster > replies saying it doesn't work. It seems a lot

Re: Client -server certificate validation

2000-12-08 Thread Sudeep Sudhakaran
Hi, I have seen a lot of posting on client certificate validation. But no clean answer to client authentication. I see a reply and finally the poster replies saying it doesn't work. It seems a lot of people have problems with this and never got a perfect answer. I like to implement mutual