From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Tuesday, July 08, 2014 20:33
On Tue, Jul 8, 2014 at 7:00 PM, Dave Thompson dthomp...@prinpay.com
wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Tuesday, July 08, 2014 16:20
...
Not
Thompson [dthomp...@prinpay.com]
Sent: Monday, July 07, 2014 4:03 PM
To: openssl-users@openssl.org
Subject: RE: Certificate problem
From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
Sent: Sunday, July 06, 2014 22:42
I have the following certificates and associated private keys
On Tue, Jul 8, 2014 at 3:39 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
I figured it out and am now wondering if there is a defect in the openssl
verify command. This suggestion from Dave Thompson:
I would first try x509 -noout -subject|issuer -nameopt multiline,show_type
and see if
| 14604
charles.ba...@allworx.com | 585.421.5565
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Jeffrey Walton [noloa...@gmail.com]
Sent: Tuesday, July 08, 2014 4:19 PM
To: OpenSSL Users List
Subject: Re: Certificate
From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on
behalf of Barbe, Charles [charles.ba...@allworx.com]
Sent: Tuesday, July 08, 2014 4:44 PM
To: openssl-users@openssl.org
Subject: RE: Certificate problem - SOLVED
Yet openssl verify said OK to both of my certificates against
On Tue, Jul 8, 2014 at 4:48 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
Also don't these lines of the spec:
countryName ATTRIBUTE ::= {
WITH SYNTAX PrintableString (SIZE (2))
-- IS 3166 codes only
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Tuesday, July 08, 2014 16:20
On Tue, Jul 8, 2014 at 3:39 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
I figured it out and am now wondering if there is a defect in the openssl
verify command. This suggestion
On Mon, Jul 07, 2014, Dave Thompson wrote:
The only thing that springs to mind that could be invisible is string types
and
some options of the cert Issuer fields vs the CA Subject. RFC 5280 requires
a
fairly complicated Unicode-aware comparison algorithm which I believe
openssl
does
On Tue, Jul 8, 2014 at 7:00 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Jeffrey Walton
Sent: Tuesday, July 08, 2014 16:20
...
Not sure if this is any consolation, but countryName is a
DirectoryString, and PrintableString is OK per RFC 5280
From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
Sent: Sunday, July 06, 2014 22:42
I have the following certificates and associated private keys:
A - certificate A generated with one version of my software not using
openssl
B - certificate B generated with a new version of
On 7/6/2014 7:41 PM, Barbe, Charles wrote:
Does anybody have any suggestions on where to look to figure this out? A tool
to use?
I realize that actually attaching the certa might be helpful but I do not
have them handy as I write this. Please let me know if that might help
somebody help
You could try examining both PEM-encoded certificates using an ASN.1
decoder, such as the one here - http://lapo.it/asn1js
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Barbe, Charles
Sent: Sunday, July 6, 2014 8:42 PM
To:
I am positive that I am installing the ca in the correct spot because
connections to server B correctly show the CA cert as the trusted root when I
view the certificate for the connection in the web browser.
To be clear, openssl verify says that both certificates A and B are ok when I
provide
As I said in another note, I will try to send the certs tomorrow. Thanks for
the help!
CHAD
On Jul 7, 2014, at 4:42 PM, Kyle Hamilton aerow...@gmail.com wrote:
On 7/6/2014 7:41 PM, Barbe, Charles wrote:
Does anybody have any suggestions on where to look to figure this out? A
tool to
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both servers generate their certificates
using the same private key. Theoretically I would expect the two certs to then
be exactly the same to the bit... I am not providing any domain or ip
From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
Sent: Monday, July 07, 2014 21:59
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both servers generate their
certificates
using the same private key. Theoretically I
On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both servers generate their
certificates using the same private key. Theoretically I would expect the two
CHAD
On Jul 7, 2014, at 11:11 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both servers generate their
CHAD
On Jul 7, 2014, at 11:03 PM, Dave Thompson dthomp...@prinpay.com wrote:
From: owner-openssl-us...@openssl.org On Behalf Of Barbe, Charles
Sent: Monday, July 07, 2014 21:59
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try today was to have both
On 7/7/2014 8:24 PM, Barbe, Charles wrote:
CHAD
On Jul 7, 2014, at 11:11 PM, Jeffrey Walton noloa...@gmail.com wrote:
On Mon, Jul 7, 2014 at 9:59 PM, Barbe, Charles
charles.ba...@allworx.com wrote:
I will try an ASN.1 decoder tomorrow. Thanks for the suggestion!
One thing I did try
I have had to add certs to two different places in Windows in order for
the them be found.
I added them using system32/certmgr -- but that is not enough. I have
found I also need to add them using the certificate control panel in
Internet Explorer. I use certs to sign documents in
Under most circumstances, roots certificates must be installed in the
Machine Root store, not in the User Root store. If you are looking to
authenticate to a wireless network, you may need to install the
certificate (and associated private key) to the Machine Certificates,
not the User
Venkata LK Mula escribió:
Hi,
With reference to the above mentioned subject, we have generated root,
server and client certificates in .pfx (p12) and .der format in
FreeRADIUS using OpenSSL, installed these certificates on the Windows
XP client. And when I'm trying to associate the Windows
Hello,
AFAIK by default client does not sends its certificate. You should
do something like this:
SSL_CTX_set_verify(context, SSL_VERIFY_PEER |
SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0);
Maybe this should help.
Regards
Ales Privetivy
Dear fellow developers,
]] On Behalf Of Eric Rescorla
Sent: Monday, April 22, 2002 12:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Certificate Problem / get_peer_certificate
Andrew T. Finnell [EMAIL PROTECTED] writes:
I do not know. I do not have access to these machines
they are at our
client's location. I suppose we
On Mon, 22 Apr 2002, Andrew Finnell wrote:
Dear fellow developers,
I am experiencing some problems with a product we released. We rely
on a public/private key architecture. The client connects to our server and
we check to see if the certificate the client had was signed by us. I do
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Michal Bachorik
Sent: Monday, April 22, 2002 12:08 PM
To: Openssl ([EMAIL PROTECTED])
Subject: Re: Certificate Problem :)
On Mon, 22 Apr 2002, Andrew Finnell wrote:
Dear fellow developers,
I am
Andrew T. Finnell [EMAIL PROTECTED] writes:
I do a SSL_get_peer_certificate and everything works for a while.
But all of a sudden I never get a certificate from the client. This
causes our server to think the client isn't validated. The only way we
seem to be able to fix this is to re-create
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Eric Rescorla
Sent: Monday, April 22, 2002 12:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Certificate Problem / get_peer_certificate
Andrew T. Finnell [EMAIL PROTECTED] writes:
I do a SSL_get_peer_certificate
Andrew T. Finnell [EMAIL PROTECTED] writes:
I do not know. I do not have access to these machines they are
at our client's location. I suppose we could try and get them to install
ssldump and run it. Although I am not sure this is an option.
ssldump can read data captured with 'tcpdump
Thanks for the advice. I was able to get an alternate /dev/urandom
package working.
Soo
On Wed, 28 Nov 2001, Lutz Jaenicke wrote:
On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
Solaris does not support the device /dev/urandom which is necessary to seed
the PRNG by
On Wed, Nov 28, 2001 at 08:47:13AM +0100, [EMAIL PROTECTED] wrote:
Solaris does not support the device /dev/urandom which is necessary to seed
the PRNG by default.
You can either install a package which emulate /dev/urandom or seed the
PRNG
manually by the following commands :
unsigned
Title: RE: certificate problem
Lutz,
Well sometimes installing additional software is not acceptable as was in my case. Do you have any other suggesstions for people like me? We ship a product that uses OpenSSL and we don't want to install 3rd party apps. While Soo Hom just wants
Hi,
Solaris does not support the device /dev/urandom which is necessary to seed
the PRNG by default.
You can either install a package which emulate /dev/urandom or seed the
PRNG
manually by the following commands :
unsigned char seed_buffer [1024] ;
RAND_pseudo_byte(seed_buffer, 1024) ;
I just had the same problem today. I fixed it but I dont know exactly
what I did that made it work. I checked the hostname -f and it gave me
an alias at first, try hostname -vf and lookfor h_name=`...'. Even if
your using a vhost you should use your regular host name in the csr.
Good Luck!
35 matches
Mail list logo