Re: Need objective arguments against double certificate
> Then perhaps your company should hire a security expert to design the security. Defects in portability or performance are low-risk and easily detected, and the cost scales with the time until a patch is deployed. Security vulnerabilities are much more tricky and expensive to detect and the damage may happen all at once, making them very high-risk. I understand several of the OpenSSL development team are available for consulting.

Well, it's not like we can do whatever we would like to. Our company is small, and only got the small part in that project. As I said in the first message, it's the CEO of that partner company which got the biggest part of the project who brought in his security expert. They are the overall lead, and we have to work with them. Even his engineers do not agree with his security consultant.

What I'm doing here (working on the cost calculator, working on the analysis model, etc) is not for our company, it's for this partnering company, actually for the group leader in that company to present it to their management.

We don't like to associate our name with lousy projects, that's why I'm doing what I'm doing now, and this is extra work for nothing. If we don't care, we would shut the hell up, get the thing done (whatever it is), take the money, and move on.

rgds

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: Need objective arguments against double certificate
On Jun 16, 2005, at 11:47 PM, coco coco wrote:

> For a shameless plug, this scheme is designed by myself. I'm giving a brief description here, so you guys can help to see if that makes sense.
> [snip]
> Yeah, I know, you have not seen the implementation, so not fair to say if that's ok or not. This project is for a government agency, which handles very sensitive data.

Then perhaps your company should hire a security expert to design the security. Defects in portability or performance are low-risk and easily detected, and the cost scales with the time until a patch is deployed. Security vulnerabilities are much more tricky and expensive to detect and the damage may happen all at once, making them very high-risk. I understand several of the OpenSSL development team are available for consulting.

Josh
--
Joshua Juran
Metamage Software Creations - Mac Software and Consulting
http://www.metamage.com/
* Creation at the highest state of the art *
Re: Need objective arguments against double certificate
> I thought the problem was that you were using the same keypair for encryption and signing. So that there really is only one key.

I know, the key escrow was designed when the requirements were for encryption only. Digital signature requirement was added when the consultant got on board. So, it was not really part of the original plan. We have not redesigned the escrow scheme, as we have not really resolved this double-cert thingy.

Yeah, I agree with you, if we are using the same key with 2 certs, the escrow becomes the main attack target.

thanks
coco
Re: Need objective arguments against double certificate
> Like the commentator, I'm also a little guy. In my case, I'm a retired guy who got his intro to this stuff from Entrust. I got convinced that their two (or more) -certificate solution was right, based upon the following:
>
> If you are an employee in an organization, it is valid for the organization to have access to your DATA but not your IDENTITY should you get run over by a bus or tsunami. Two certificates, where the ENCRYPTION certificate's private key is kept by the organization is thus a valid idea. This is sometimes called Key Escrow, Key Recovery, etc. However, the organization never has a legitimate reason to sign on your behalf. Two certificates with different keys allow for this distinction. It also allows you, the employee, to reclaim old encrypted material when you lose the key.
>
> Furthermore, when the police knock down your door (as is increasingly possible in the US) and demand your encryption key so they can scan your computer, you can still keep your identity-proving key private, because one assumes they would have no reason to manufacture new data signed by you.
>
> Please note that having two certificates doesn't imply key escrow, it just allows for it to happen when appropriate. Yet, it allows for a separation of confidentiality and identity proof.

Well, actually, key escrow was designed in the system from the beginning. For a shameless plug, this scheme is designed by myself. I'm giving a brief description here, so you guys can help to see if that makes sense.

User's keys are escrowed in a central database, completely separated from the application system (physically and logically, on a remote site). The escrow database is encrypted with two keys (double encryption, one on top of another). The two keys are kept in USB tokens, separately, then they are kept in a safe at a trusted third-party (e.g. a bank). The 2 tokens are kept at two totally different banks. The policy is that no single person should have access to both tokens at the same time. It requires at least two dedicated officers to get both tokens.

There is an option too: In order to get both keys, both officers must have a dedicated third-party witness (e.g. a well-known law firm). But we are still evaluating if this option is really needed. This seems to be more of policy management issue than technical issue.

The password to the token is kept with the token, in the safe at the trusted third-party.

The issue seems to be with re-encryption of the escrow database. For example, if the algo is found to be broken, or if the key length is not enough anymore, then we would need to create new keys and re-encrypt the thing. This is left as open for now.

That's it. Yeah, I know, you have not seen the implementation, so not fair to say if that's ok or not. This project is for a government agency, which handles very sensitive data.

Sorry, this is getting into some non-sense unrelated to openssl. I'll stop here :)

coco
Any problem with this "C" code
Hello All,

I used following C code to sign the data and encode in DER format. But JAVA Crypto code is failed to parse the DER encoded PKCS#7 data. Following is the "C" code to sign the data. Is there any problem in my code? The certificate I used is self signed certificate.

    char* PKI_Sign (char* inputData, char* pcCertName)
    {
        int flags = PKCS7_DETACHED | PKCS7_NOCERTS;
        X509 *pSignerCert = NULL;
        EVP_PKEY *pkey = NULL;
        BIO *InputData = NULL;
        char TempAuthData[2048];

        pSignerCert = GetCertifcateByCertName (pcCertName);
        if(!pSignerCert)
        {
            g_pkiReasonCode = CMS_NO_CERTIFICATE;
            return 0;
        }

        /* It searches key store and gets private key by its filename.*/
        pkey = GetRSAPrivateKeyByCertName(pcCertName);
        if(!pkey)
        {
            g_pkiReasonCode = CMS_NO_CERTIFICATE;
            return 0;
        }

        InputData = BIO_new_file(tempFilename, "r");

        EVP_add_digest (EVP_sha1 ());
        EVP_add_digest_alias (SN_sha1,"ssl3-sha1");
        EVP_add_digest_alias (SN_sha1WithRSAEncryption, SN_sha1WithRSA);
        EVP_add_digest (EVP_dss1 ());
        EVP_add_digest_alias (SN_dsaWithSHA1, SN_dsaWithSHA1_2);
        EVP_add_digest_alias (SN_dsaWithSHA1,"DSS1");
        EVP_add_digest_alias (SN_dsaWithSHA1,"dss1");

        pkcs7 = PKCS7_sign (pSignerCert, pkey, NULL, InputData, flags);
        usDataLength = ASN1_item_i2d(pkcs7, &TempAuthData,ASN1_ITEM_rptr(PKCS7));
        return TempAuthData;
    }

Thanks in advance……

Madhu
RE: Need objective arguments against double certificate
>> Please help to fill in items that I might have missed :)
>
> The security risk that this non-standard scheme might introduce an unforeseen vulnerability. This is, IMO, as likely as that it will protect against some unforeseen vulnerability -- the alleged reason for the scheme.

Hehe, I was trying really hard to put this issue into some tangible numbers :) There is always security risk related to the design, to the implementation, to the administration, etc.

From all the books/sources I've learned crypto and security (including topics on information system auditing and assurance, information security risk assessment), I couldn't find any systematic methodology to estimate this. Everyone is talking about it in bulleted items, kinda subjective. This seems to come only with experience, and learn the hard way after screwing up a couple of times, or something.

I don't know, I'm working on estimating the potential consequences of a security breach. But this is way beyond my knowledge/experience/expertise. And this is really on a case by case basis, no book can teach me that, I guess.

thanks
Re: Need objective arguments against double certificate
Yes, Viktor... you are right. Two certificates with the same keys is ... as you say

One of these days, I'll figure out how to write what I really mean, instead of assuming that all readers have the same context as I do.

And that "retirement" was (how shall I put it) ... non-voluntary.

At 07:20 PM 6/16/2005, you wrote:

> On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:
>
> > Like the commentator, I'm also a little guy. In my case, I'm a retired guy
> > who got his intro to this stuff from Entrust. I got convinced that their
> > two (or more) -certificate solution was right, based upon the following:
> >
>
> You say (loosely) two "certificates", but you really mean two key pairs with a corresponding certificate for each public key. Two certificates for the same key (signing cert vs. encryption cert) are snake oil at best.
>
> --
> Viktor.
Re: Question regarding certificate requests !
On Jun 9, 2005, at 8:35 AM, Nabil Ghadiali wrote:

> Openssl req seems to output those components...however I am not able to find a way to "input" these as command line parameters.

man openssl_req

Try something like:

    openssl req -new -key foo.key -out foo.csr -sha1

Take care,
Bill
RE: Need objective arguments against double certificate
> Please help to fill in items that I might have missed :)

The security risk that this non-standard scheme might introduce an unforeseen vulnerability. This is, IMO, as likely as that it will protect against some unforeseen vulnerability -- the alleged reason for the scheme.

DS
Re: Need objective arguments against double certificate
On Thu, Jun 16, 2005 at 06:33:53PM -0700, david wrote:

> Like the commentator, I'm also a little guy. In my case, I'm a retired guy
> who got his intro to this stuff from Entrust. I got convinced that their
> two (or more) -certificate solution was right, based upon the following:
>

You say (loosely) two "certificates", but you really mean two key pairs with a corresponding certificate for each public key. Two certificates for the same key (signing cert vs. encryption cert) are snake oil at best.

--
Viktor.
Re: Need objective arguments against double certificate
Like the commentator, I'm also a little guy. In my case, I'm a retired guy who got his intro to this stuff from Entrust. I got convinced that their two (or more) -certificate solution was right, based upon the following:

If you are an employee in an organization, it is valid for the organization to have access to your DATA but not your IDENTITY should you get run over by a bus or tsunami. Two certificates, where the ENCRYPTION certificate's private key is kept by the organization is thus a valid idea. This is sometimes called Key Escrow, Key Recovery, etc. However, the organization never has a legitimate reason to sign on your behalf. Two certificates with different keys allow for this distinction. It also allows you, the employee, to reclaim old encrypted material when you lose the key.

Furthermore, when the police knock down your door (as is increasingly possible in the US) and demand your encryption key so they can scan your computer, you can still keep your identity-proving key private, because one assumes they would have no reason to manufacture new data signed by you.

Please note that having two certificates doesn't imply key escrow, it just allows for it to happen when appropriate. Yet, it allows for a separation of confidentiality and identity proof.

David Kurn

At 06:07 PM 6/16/2005, you wrote:

>> Like everyone else, I say this consultant doesn't know what he's talking about (I'm tempted to ask you to tell me who it is, so I can avoid him/her). Can I suggest a different line of attack, though? It's obvious that confronting the consultant by calling bull doesn't win you any points, so how about simply asking the consultant how, exactly, the double certificate scheme increases security. And do not let yourself be satisfied with a half ass answer.
>
> Hmm, I wouldn't name names, I'm just a little guy in all this. And if I can, I would have used my real name on this list already. I'm not the one presenting the arguments, I'm preparing those behind the scene for our group leader.
>
> I'm working on a spreadsheet calculator on how the cost add up for supporting non-standard scheme. This includes:
>
> - cost for extra development (code change to support double-cert, debugging, extra bugs filed related to this scheme, ...)
> - cost for extra testing
> - cost for extra certificate, given that there will be 5000+ users using the system
> - cost for extra management (time difference between loading standard certificate into USB token, and creating double-cert and load them into the token)
> - extra cost for managing extra tool
> - extra cost for managing certificates in this scheme, as the validity period of the 2 certs are not synced
> - extra cost incurred by users, as they have to remember which cert will expire when (This is not a strong one though, as we can easily add an extra function into the system to notify the user and admin that a specific cert is going to expire, and when...)
> - ... other smaller misc ones
>
> Please help to fill in items that I might have missed :)
>
>> I'd ask the CEO up front on what grounds he trusts that consultant.
>
> Heh, he got a phd in CS, specializing in "crypto" and "system security" :) according to what I heard. But I don't think he has ever coded anything, but we have agreed between us that we will never "attack" on personal ground. Keep it cool, so no one ever mentioned anything on this.
>
>> coconut_to_go> But the annoying thing is, the 2 certificates do not
>> coconut_to_go> even specify usage attributes correctly. And our
>> coconut_to_go> security expert said it does not matter, we (the
>> coconut_to_go> programmers) have to figure that out, which cert is
>> coconut_to_go> used for signature and which one is used for encryption.
>>
>> This is just further proof that consultant doesn't know squat what he or she is talking about.
>
> After a while, I noticed my arguments against this scheme got lost in the noisy room, and it kinda stuck in there as "personal thinking", and not "scientific". That's why I'm posting on the list if someone could provide a hint on a more "scientific" comparison of security analysis model (or security attack model) on the two different schemes (double cert vs standard single cert, with key separation if needed).
>
> I'm building an attack model, based on attack tree, expanding out into different routes of attacks, ... the attack tree diagram covers about 30 pages, and I'm having difficulties presenting in a short and cool ppt to the management team. Besides, I got a gut feeling that something is missing, but don't know what. I'm a programmer by profession (and like it that way), learning crypto and security by myself, just by interest. So I'm not sure I have fully grasped the best practice of security analysis.
>
> This exercise is trying to show that there is nothing more secure with double-cert scheme. And if it can actually show that double-cert scheme is more secure, then I would've learned something too.
>
> Problem is, it involves certain details of the proj
RE: problem verifying signature from java
> I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the "SignedData" content in the PKCS#7 format. It is giving "rejects tag type -96" error while parsing. Any comments on this are greatly appreciated. If you got any clue kindly let me know.

Sorry to disappoint you, I've been banging my head on the monitor for 2 days now, going over the code and manual/api docs/examples/google for so many times, and I'm still having difficulties to get openssl and Java work together.

All my crypto coding experiences are on Java, and this is the first time trying to get some very basic functionalities in C++, and it turns out to be much much harder than I thought :(

And notice the key/cert I used in my test code are actually from the openssl examples.

Anyone who has experience making openssl work with java, please give a hint. That'll be very much appreciated.

coco
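An added example, not from the posts above: Java bytes are signed, so the -96 in the quoted error is the byte 0xA0, the [0] tag that wraps the content of a PKCS#7 ContentInfo after the contentType OID. The helper below reports the outer layers of a blob so the bytes handed to the Java side can be checked before parsing; the sample bytes are constructed skeletons with no real signature, and every function name is an assumption of this example.

```python
"""Added example: look at the outer layers of a PKCS#7 blob before parsing it."""

OIDS = {
    "1.2.840.113549.1.7.1": "data",
    "1.2.840.113549.1.7.2": "signedData",
    "1.2.840.113549.1.7.3": "envelopedData",
}

# Constructed skeleton: ContentInfo { signedData OID, [0] { empty SignedData } }.
SAMPLE_DER = bytes.fromhex(
    "3023" "06092a864886f70d010702" "a016"
    "3014" "020101" "3100" "300b06092a864886f70d010701" "3100")
# Constructed prefix of the same structure in BER indefinite-length form.
SAMPLE_BER = bytes.fromhex("3080" "06092a864886f70d010702" "a080")


def signed_byte(value):
    """Return the value the way Java prints a byte (signed 8-bit)."""
    return value - 256 if value >= 0x80 else value


def read_tlv(data, pos):
    """Return (tag, length, header_len); length is None for BER indefinite form."""
    if pos + 2 > len(data):
        raise ValueError("truncated TLV header")
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        return tag, first, 2                 # short form
    if first == 0x80:
        return tag, None, 2                  # indefinite length: BER, never DER
    count = first & 0x7F
    if pos + 2 + count > len(data):
        raise ValueError("truncated long-form length")
    return tag, int.from_bytes(data[pos + 2:pos + 2 + count], "big"), 2 + count


def decode_oid(body):
    """Decode OID contents; the first-byte split is valid for arcs 0.x and 1.x."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                     # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def describe_content_info(data):
    """Summarise the outer ContentInfo layers of a PKCS#7/CMS blob."""
    if not data or data[0] != 0x30:
        return {"ok": False,
                "reason": "does not start with SEQUENCE (0x30): text, base64 "
                          "or an inner fragment of the structure",
                "first_byte_as_java": signed_byte(data[0]) if data else None}
    _, outer_len, outer_hl = read_tlv(data, 0)
    tag, oid_len, oid_hl = read_tlv(data, outer_hl)
    if tag != 0x06 or oid_len is None:
        return {"ok": False, "reason": "contentType OID missing",
                "first_byte_as_java": signed_byte(tag)}
    oid_start = outer_hl + oid_hl
    oid = decode_oid(data[oid_start:oid_start + oid_len])
    pos = oid_start + oid_len
    wrapper, wrapper_len = None, 0           # content is OPTIONAL in ContentInfo
    if pos < len(data):
        wrapper, wrapper_len, _ = read_tlv(data, pos)
    return {
        "ok": True,
        "content_type": OIDS.get(oid, oid),
        "wrapper_tag": wrapper,
        "wrapper_as_java_byte": None if wrapper is None else signed_byte(wrapper),
        # DER requires definite lengths at every level checked here.
        "der": outer_len is not None and wrapper_len is not None,
        # Bytes after the outer SEQUENCE, e.g. from sending a whole fixed buffer.
        "trailing": None if outer_len is None else len(data) - (outer_hl + outer_len),
    }


if __name__ == "__main__":
    for blob in (SAMPLE_DER, SAMPLE_BER, SAMPLE_DER[13:], b"MIIB"):
        print(describe_content_info(blob))
```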
Re: Need objective arguments against double certificate
> Like everyone else, I say this consultant doesn't know what he's talking about (I'm tempted to ask you to tell me who it is, so I can avoid him/her). Can I suggest a different line of attack, though? It's obvious that confronting the consultant by calling bull doesn't win you any points, so how about simply asking the consultant how, exactly, the double certificate scheme increases security. And do not let yourself be satisfied with a half ass answer.

Hmm, I wouldn't name names, I'm just a little guy in all this. And if I can, I would have used my real name on this list already. I'm not the one presenting the arguments, I'm preparing those behind the scene for our group leader.

I'm working on a spreadsheet calculator on how the cost add up for supporting non-standard scheme. This includes:

- cost for extra development (code change to support double-cert, debugging, extra bugs filed related to this scheme, ...)
- cost for extra testing
- cost for extra certificate, given that there will be 5000+ users using the system
- cost for extra management (time difference between loading standard certificate into USB token, and creating double-cert and load them into the token)
- extra cost for managing extra tool
- extra cost for managing certificates in this scheme, as the validity period of the 2 certs are not synced
- extra cost incurred by users, as they have to remember which cert will expire when (This is not a strong one though, as we can easily add an extra function into the system to notify the user and admin that a specific cert is going to expire, and when...)
- ... other smaller misc ones

Please help to fill in items that I might have missed :)

> I'd ask the CEO up front on what grounds he trusts that consultant.

Heh, he got a phd in CS, specializing in "crypto" and "system security" :) according to what I heard. But I don't think he has ever coded anything, but we have agreed between us that we will never "attack" on personal ground. Keep it cool, so no one ever mentioned anything on this.

> coconut_to_go> But the annoying thing is, the 2 certificates do not
> coconut_to_go> even specify usage attributes correctly. And our
> coconut_to_go> security expert said it does not matter, we (the
> coconut_to_go> programmers) have to figure that out, which cert is
> coconut_to_go> used for signature and which one is used for encryption.
>
> This is just further proof that consultant doesn't know squat what he or she is talking about.

After a while, I noticed my arguments against this scheme got lost in the noisy room, and it kinda stuck in there as "personal thinking", and not "scientific". That's why I'm posting on the list if someone could provide a hint on a more "scientific" comparison of security analysis model (or security attack model) on the two different schemes (double cert vs standard single cert, with key separation if needed).

I'm building an attack model, based on attack tree, expanding out into different routes of attacks, ... the attack tree diagram covers about 30 pages, and I'm having difficulties presenting in a short and cool ppt to the management team. Besides, I got a gut feeling that something is missing, but don't know what. I'm a programmer by profession (and like it that way), learning crypto and security by myself, just by interest. So I'm not sure I have fully grasped the best practice of security analysis.

This exercise is trying to show that there is nothing more secure with double-cert scheme. And if it can actually show that double-cert scheme is more secure, then I would've learned something too.

Problem is, it involves certain details of the project, so it is not possible to show it to the public and ask for advice. And frankly, asking blank question like that would be difficult for the gurus on the list to answer too.

Thanks all.

coco
RE: Need objective arguments against double certificate
>> Thanks all for replying. More heated debates I guess.
>
> How can there be a heated debate when there is not yet one argument advanced in favor of the double certificate scheme?

I got what you meant, sorry for not being clear. I meant there will be more heated debate between us (the tech people) and the consultant, I didn't mean heated debate on this list.
Release delay
I'm delaying the release of 0.9.8 beta6 until tomorrow (friday) night. The reason is that I want to test some changes on systems that may be sensitive to them before releasing. I believe that will be better for the release process as a whole.

Cheers,
Richard

-----
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details.

--
Richard Levitte [EMAIL PROTECTED]
http://richard.levitte.org/

"When I became a man I put away childish things, including the fear of childishness and the desire to be very grown up." -- C.S. Lewis
Re: nseq vs Thawte freemail certificates
It was not the private key that got lost but me...

The private and public key are created locally - thanks to Bernhard Froehlich for pointing this out in a private email. The private key is never sent to Thawte and hence it can not possibly be in the deliver.exe file. The local key generation by the browser is triggered via the (netscape specific?) KEYGEN tag in an html form presented by Thawte.

Thanks for all the hints,
Joachim

PS: I am back at square one - I have to get my private key out of Apple's proprietary keychain but that is a different story :-)

On 16.06.2005 at 11:43, Joachim Buechse wrote:

> Good day!
>
> I am trying to extract my private key from a file downloaded from Thawte's "Personal Freemail" certificate service. (Thawte creates the private key for the user to simplify the process).
>
> The file (with the meaningful name deliver.exe) seems to be a Netscape Certificate Sequence in DER format. After some basic steps to convert it to PEM openssl nseq can convert it into a sequence of three PEM encoded certificates. The first one being my own certificate. I can view each of these 3 extracted certificates with openssl x509 but it seems my private key gets lost in the conversion process.
>
> I am running out of ideas... Any hits? Anyone else using Thawte "Personal Freemail" certificates?
>
> Best regards,
> Joachim
Re: mini-ASN.1 compiler 0.9.8-beta5
In message <[EMAIL PROTECTED]> on Thu, 16 Jun 2005 11:51:57 +0200, pana <[EMAIL PROTECTED]> said:

panasa1> The error I get when I use -genstr is:
panasa1>
panasa1> unknown option -genstr
panasa1> asn1parse [options] where options are
panasa1> -inform arg input format - one of DER TXT PEM
panasa1> -in arg input file
panasa1> -out arg output file (output format is always DER
panasa1> -noout arg don't produce any output
panasa1> -offset arg offset into file
panasa1> -length arg length of section in file
panasa1> -i indent entries
panasa1> -dump dump unknown data in hex form
panasa1> -dlimit arg dump the first arg bytes of unknown data in hex form
panasa1> -oid file file of extra oid definitions
panasa1> -strparse offset
panasa1> a series of these can be used to 'dig' into multiple
panasa1> ASN1 blob wrappings

That's not 0.9.8-beta5. Try the following command:

    openssl version

Cheers,
Richard
Question about TLS handshake buffer
Hello,

I am writing a 802.11 wireless client that communicates with the access point using PEAP and MSCHAPV2. I am having trouble establishing a secure TLS tunnel in which to perform the PEAP phase 2 handshake.

My client sends a TLS Client Hello message. The servers respond with their "Server Hello, Certificate, and Server Hello Done". So far, so good.

But after I send my "Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message" message I get an error. Specifically in the PEAP protocol I get a "TLS bad record mac" or "TLS alert, unexpected message" error from the server. Hostap sends the "unexpected message" error, other servers send "bad record mac".

My theory is that I am not correctly maintaining the correct handshake message buffer described in RFC 2246 7.4.8, so my finished message is not computing the correct "verify_data" value described in RFC 2246 7.4.9.

Can someone point me to the code in hostapd and/or openssl in which this buffer is constructed, and in particular where the actual verify_data buffer is calculated?

I would greatly appreciate the help.

Thanks,
Jim Howard
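An added example, not part of the original post and not code from OpenSSL or hostapd: the verify_data computation from RFC 2246 sections 5 and 7.4.9, with a transcript buffer that shows what does and does not go into handshake_messages. The handshake bodies and the master secret are constructed placeholders, handshake messages split across records are not handled, and the names HandshakeTranscript, hs and demo are made up for this example.

```python
"""Added example: TLS 1.0 Finished verify_data (RFC 2246 sections 5 and 7.4.9)."""
import hashlib
import hmac

HANDSHAKE = 22            # record content type that carries handshake messages
CHANGE_CIPHER_SPEC = 20   # separate protocol: never part of the handshake hash
HELLO_REQUEST = 0         # handshake message type that is left out of the hash


def p_hash(name, secret, seed, length):
    """P_hash from RFC 2246 section 5 for one hash function ('md5' or 'sha1')."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    half = (len(secret) + 1) // 2          # the halves share one byte if length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def hs(msg_type, body):
    """Build one handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


class HandshakeTranscript:
    """Accumulates handshake_messages for the Finished computation."""

    def __init__(self):
        self.buf = bytearray()

    def add_record(self, content_type, fragment):
        """Feed one plaintext record payload, with the 5-byte record header removed."""
        if content_type != HANDSHAKE:
            return                          # ChangeCipherSpec and alerts are not hashed
        pos = 0
        while pos < len(fragment):          # one record may carry several messages
            if len(fragment) - pos < 4:
                raise ValueError("truncated handshake header")
            length = int.from_bytes(fragment[pos + 1:pos + 4], "big")
            end = pos + 4 + length
            if end > len(fragment):
                raise ValueError("message continues in the next record (not handled)")
            if fragment[pos] != HELLO_REQUEST:
                self.buf += fragment[pos:end]   # 4-byte handshake header plus body
            pos = end

    def verify_data(self, master_secret, sender):
        """12-byte verify_data over every message added so far."""
        label = b"client finished" if sender == "client" else b"server finished"
        seed = hashlib.md5(self.buf).digest() + hashlib.sha1(self.buf).digest()
        return prf(master_secret, label, seed, 12)


def demo():
    """Run a constructed exchange and return (client, server) verify_data."""
    master_secret = bytes(range(48))        # constructed; really derived from the key exchange
    t = HandshakeTranscript()
    t.add_record(HANDSHAKE, hs(1, b"constructed client hello"))
    t.add_record(HANDSHAKE, hs(2, b"constructed server hello")
                 + hs(11, b"constructed certificate") + hs(14, b""))
    t.add_record(HANDSHAKE, hs(16, b"constructed client key exchange"))
    t.add_record(CHANGE_CIPHER_SPEC, b"\x01")
    client_vd = t.verify_data(master_secret, "client")
    # The client's Finished goes into the buffer in plaintext form, before
    # encryption, so the server's verify_data covers it as well.
    t.add_record(HANDSHAKE, hs(20, client_vd))
    server_vd = t.verify_data(master_secret, "server")
    return client_vd, server_vd


if __name__ == "__main__":
    client, server = demo()
    print("client verify_data:", client.hex())
    print("server verify_data:", server.hex())
```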
Re: Need objective arguments against double certificate
In message <[EMAIL PROTECTED]> on Tue, 14 Jun 2005 00:14:54 -1000, "coco coco" <[EMAIL PROTECTED]> said:

coconut_to_go> We called it bullshit, and were having a hot debate,
coconut_to_go> most people (the technical people) are opposed to that,
coconut_to_go> saying that there is nothing secure about this scheme.
coconut_to_go> If you want to separate the signature key from the
coconut_to_go> encryption key, you should have 2 keys, and not one key
coconut_to_go> with 2 certificates. This does not make any sense.

Like everyone else, I say this consultant doesn't know what he's talking about (I'm tempted to ask you to tell me who it is, so I can avoid him/her).

Can I suggest a different line of attack, though? It's obvious that confronting the consultant by calling bull doesn't win you any points, so how about simply asking the consultant how, exactly, the double certificate scheme increases security. And do not let yourself be satisfied with a half ass answer.

coconut_to_go> The CEO said he trusts the "security expert", and if we
coconut_to_go> want to change that, we need to come up with better
coconut_to_go> arguments than that.

I'd ask the CEO up front on what grounds he trusts that consultant.

coconut_to_go> But the annoying thing is, the 2 certificates do not
coconut_to_go> even specify usage attributes correctly. And our
coconut_to_go> security expert said it does not matter, we (the
coconut_to_go> programmers) have to figure that out, which cert is
coconut_to_go> used for signature and which one is used for encryption.

This is just further proof that consultant doesn't know squat what he or she is talking about.

Cheers,
Richard
RE: Need objective arguments against double certificate
> Thanks all for replying. More heated debates I guess.

How can there be a heated debate when there is not yet one argument advanced in favor of the double certificate scheme?

DS
Re: nseq vs Thawte freemail certificates
Hi Joachim,

On 6/16/05, Joachim Buechse <[EMAIL PROTECTED]> wrote:

> Good day!
>
> I am trying to extract my private key from a file downloaded from
> Thawte's "Personal Freemail" certificate service. (Thawte creates the
> private key for the user to simplify the process).
>
> The file (with the meaningful name deliver.exe) seems to be a Netscape
> Certificate Sequence in DER format. After some basic steps to convert
> it to PEM openssl nseq can convert it into a sequence of three PEM
> encoded certificates. The first one being my own certificate. I can
> view each of these 3 extracted certificates with openssl x509 but it
> seems my private key gets lost in the conversion process.

The file from Thawte does not contain your private key. To get the private key you need to install the certificate in your browser and then export it.

Regards
Morgan
openssl base64 problems
When I try to decode a particular smime message I'll get error "ASN1_get_object:too long". First I thought there's something wrong with ASN.1 syntax but then I found a major difference in openssl base64 decoding compared to other base64 tools.

Given attached PEM file with all other base64 tools than openssl (eg base64, mimencode, web online base64 decoder, Asn1Editor, some kind of self written base64 test, etc) I'll get a DER filesize of 5305 bytes with correct ASN.1 syntax. With all openssl versions I have tested (0.9.5...0.9.8) I'll get a DER filesize of only 5280 bytes (openssl base64 -d).

This behavior is only on a very few smime files I receive, no problems on all other smime files. In my opinion there's something wrong with the PEM file. I didn't write C code for a long time so I couldn't figure out the reason why openssl stops decoding base64.

Any idea?

Thanks
--
Beat
RE: problem verifying signature from java
Hello coco,

I am also facing the similar problem. I am generating signature using OpenSSL and passing in to JAVA to verify (running JAVA test suite). Signature format is in DER encoded PKCS#7 format. But JAVA is not able to parse the "SignedData" content in the PKCS#7 format. It is giving "rejects tag type -96" error while parsing.

Any comments on this are greatly appreciated. If you got any clue, kindly let me know.

Thanking you
Madhu

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of coco coco
Sent: Wednesday, June 15, 2005 5:17 PM
To: openssl-users@openssl.org
Subject: problem verifying signature from java

I'm trying to get a client application written in C++ using OpenSSL to verify a signature sent by a server (in Java) and vice versa. Not sure I specified it correctly, but the signatures generated on both sides, from the same input data, are not the same, and therefore, can't be verified. And this is using the same key, of course.

Here is the code in Java for signing it:

==
String testKey =
    "-----BEGIN RSA PRIVATE KEY-----\n" +
    "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" +
    "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" +
    "oudmkNziSRTYjnwjx8mCoAjPWviB3c742eO3FG4/soi1jD9A5alihEOXfUzloenr\n" +
    "8IECIQD3B5+0l+68BA/6d76iUNqAAV8djGTzvxnCxycnxPQydQIhAMXt4trUI3nc\n" +
    "a+U8YL2HPFA3gmhBsSICbq2OptOCnM7hAiEA6Xi3JIQECob8YwkRj29DU3/4WYD7\n" +
    "WLPgsQpwo1GuSpECICGsnWH5oaeD9t9jbFoSfhJvv0IZmxdcLpRcpslpeWBBAiEA\n" +
    "6/5B8J0GHdJq89FHwEG/H2eVVUYu5y/aD6sgcm+0Avg=\n" +
    "-----END RSA PRIVATE KEY-----\n";

String testCert =
    "-----BEGIN CERTIFICATE-----\n" +
    "MIICLDCCAdYCAQAwDQYJKoZIhvcNAQEEBQAwgaAxCzAJBgNVBAYTAlBUMRMwEQYD\n" +
    "VQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5ldXJv\n" +
    "bmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMTEmJy\n" +
    "dXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZpMB4X\n" +
    "DTk2MDkwNTAzNDI0M1oXDTk2MTAwNTAzNDI0M1owgaAxCzAJBgNVBAYTAlBUMRMw\n" +
    "EQYDVQQIEwpRdWVlbnNsYW5kMQ8wDQYDVQQHEwZMaXNib2ExFzAVBgNVBAoTDk5l\n" +
    "dXJvbmlvLCBMZGEuMRgwFgYDVQQLEw9EZXNlbnZvbHZpbWVudG8xGzAZBgNVBAMT\n" +
    "EmJydXR1cy5uZXVyb25pby5wdDEbMBkGCSqGSIb3DQEJARYMc2FtcG9AaWtpLmZp\n" +
    "MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNw\n" +
    "L4lYKbpzzlmC5beaQXeQ2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAATAN\n" +
    "BgkqhkiG9w0BAQQFAANBAFqPEKFjk6T6CKTHvaQeEAsX0/8YHPHqH/9AnhSjrwuX\n" +
    "9EBc0n6bVGhN7XaXd6sJ7dym9sbsWxb+pJdurnkxjx4=\n" +
    "-----END CERTIFICATE-----\n";

// same input string for both Java and C++
String input = "9O2CQ14zAXEd7GzJ9XELhQH.aE6";

public void doSign() {
    try {
        // Note: PEMReader is from BouncyCastle
        StringReader sReader = new StringReader(testKey);
        PEMReader pemReader = new PEMReader(sReader);
        KeyPair keypair = (KeyPair) pemReader.readObject();
        PrivateKey privKey = keypair.getPrivate();
        PublicKey pubKey = keypair.getPublic();

        sReader = new StringReader(testCert);
        pemReader = new PEMReader(sReader);
        X509Certificate cert = (X509Certificate) pemReader.readObject();
        PublicKey pubKey2 = cert.getPublicKey();

        Signature sig = Signature.getInstance("SHA1withRSA");
        sig.initSign(privKey);
        sig.update(input.getBytes());
        byte[] sigvalue = sig.sign();

        Base64 b64 = new Base64();
        byte[] b = b64.encode(sigvalue);
        String s = new String(b);
        System.out.println("'" + s + "'");

        sig.initVerify(pubKey2);
        sig.update(input.getBytes());
        boolean status = sig.verify(sigvalue);
        System.out.println(status);
    } catch (Exception e) {
        e.printStackTrace();
    }
}
==

And the code in C for verifying:

==
char * testKey =
    "-----BEGIN RSA PRIVATE KEY-----\n" \
    "MIIBPAIBAAJBAL7+aty3S1iBA/+yxjxv4q1MUTd1kjNwL4lYKbpzzlmC5beaQXeQ\n" \
    "2RmGMTXU+mDvuqItjVHOK3DvPK7lTcSGftUCAwEAAQJBALjkK+jc2+iihI98riEF\n" \
    "oudmkNziSRTYjnwjx8mCoAjPWviB3c7
Re: mini-ASN.1 compiler 0.9.8-beta5
The error I get when I use -genstr is:

unknown option -genstr
asn1parse [options] :

> pana wrote:
> > I used those commands: "openssl asn1parse -inform TXT -in in.txt -out
> > out.tx"
>
> "openssl asn1parse ..." doesn't support "TXT" input
>
> > and "openssl asn1parse -genstr 'UTF8:Hello World' "
>
> works for me:
>
> [EMAIL PROTECTED]:~> openssl version
> OpenSSL 0.9.8-beta4-dev XX xxx
> [EMAIL PROTECTED]:~> openssl asn1parse -genstr 'UTF8:Hello World'
> 0:d=0 hl=2 l= 11 prim: UTF8STRING
>
> > Then I tried to use it in the openssl.cnf file
> > "myextension=IA5STRING:Hello World"
>
> did you read doc/openssl.txt ?
>
> what error messages do you get ?
>
> Nils
RE: nseq vs Thawte freemail certificates
I've not been there, but is it possible that this is a PKCS#12 bag?

Dave
nseq vs Thawte freemail certificates
Good day!

I am trying to extract my private key from a file downloaded from Thawte's "Personal Freemail" certificate service. (Thawte creates the private key for the user to simplify the process).

The file (with the meaningful name deliver.exe) seems to be a Netscape Certificate Sequence in DER format. After some basic steps to convert it to PEM openssl nseq can convert it into a sequence of three PEM encoded certificates. The first one being my own certificate. I can view each of these 3 extracted certificates with openssl x509 but it seems my private key gets lost in the conversion process.

I am running out of ideas... Any hints? Anyone else using Thawte "Personal Freemail" certificates?

Best regards,
Joachim
openssl on amd64
compiling openssl-engine-0.9.6m on a dual opteron slamd (slack 64 10.1) box

./config completes but then make throws an error up to do with the assemblers for md5, sha etc

so if i run ./config no-asm and then make i get no problems... however it still only detects the system as a 32bit sys. ( .. -m486 ... ) gcc flag in the make file.

anyway it still makes and installs (apparently) without incident.

however I am getting a problem with exim (the Mail MTA) that outputs the following in /var/log/messages

Jun 16 11:18:45 scarab kernel: exim[15518]: segfault at 001a rip 2b4b46a1 rsp 7ffbe3c0 error 4

now i *have* narrowed this down to the SSL installation as the MTA works fine for non-encrypted mail.

has anyone seen this before??

ronan

--
Regards
Ronan McGlue
Info. Services QUB
DES encrypt problems
Hello everybody!

I've got some problems with simple DES encryption; I have compared the results of my DES function with the examples given in the file test.cpp and when the key has a particular form (only 0, only FF, ...) the cipherdata is not the cipherdata expected... In other (most of) cases, cipherdata is correct.

Any ideas?

thanks,
Nico from Dax
Re: using AES encryption
Quoting Nils Larsch <[EMAIL PROTECTED]>:

> Julien ALLANOS wrote:
> ...
> > Actually, I have tested the following:
> >
> > EVP_CIPHER_CTX_init(&ctx);
> > EVP_CipherInit_ex(&ctx, EVP_aes_192_ecb(), NULL, key->data, NULL, 1);
> >
> > if (!EVP_CipherUpdate(&ctx, ciphertext->data, (int *) &ciphertext->length,
> >                       plaintext->data, (int) plaintext->length))
> > {
> >     EVP_CIPHER_CTX_cleanup(&ctx);
> >     return NULL;
> > }
> >
> > if (!EVP_CipherFinal_ex(&ctx, ciphertext->data, (int *) &ciphertext->length))
>
> here you overwrite the previously set length and data. Have a look at the
> do_crypt example in the EVP_EncryptInit manpage.
>
> Nils

Fine, it is working well now. Thanks for your help.

Can I just assume that:
1/ AES_BLOCK_LENGTH = 16 ?
2/ output buffer size = input buffer size + AES_BLOCK_LENGTH for EVP_CipherUpdate()?
3/ output buffer size = AES_BLOCK_LENGTH for EVP_CipherFinal_ex()?

--
Julien ALLANOS
Re: Certificate chain problem
SUMMARY: The problem was that the root CA had a pathlen=0, so the intermediate CA could not be recognized. Setting pathlen=1 solved it. Many thanks to Goetz for his help.

From: Goetz Babin-Ebell <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Certificate chain problem
Date: Mon, 13 Jun 2005 22:40:10 +0200

Eleftheria Petraki wrote:
> Hi all,

Hello Eleftheria,

> I have generated a self signed root certification authority and an
> intermediate certification authority signed by the root CA using openssl
> 0.9.7g. The intermediate CA signed an apache 1 with mod-ssl SSL server
> certificate. Both the root and intermediate PEM certificates are placed
> in the file ca.crt pointed by the directive SSLCACertificateFile.

How about putting the intermediate CA-certificate in the file ca.chain and let the directive SSLCertificateChainFile point to it? SSLCACertificateFile is IMHO only for accepted CAs for client authentication (so no wonder the server does not accept the connection request, your browser does not have an according client certificate).

Unfortunately it is not working. IE still cannot display the page and Mozilla causes the following entry in error_log:

[Mon Jun 13 16:42:57 2005] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate [Hint: Subject CN in certificate not server name or identical to CA!?]

Perhaps you should start with a more basic approach: do an

openssl s_client -connect server:443 -CAfile root.crt

(root.crt should only contain the root certificate...)

If this prints somewhere the verify error message "unable to get local issuer certificate" the server doesn't send the intermediate CA cert. (this is an error, only the root cert may be omitted...) You should insert the intermediate CA cert in the CA cert file the directive SSLCertificateChainFile points to...

But CN is identical to server name and openssl verifies correctly the server certificate. If both root and intermediate CA certificates are imported in Mozilla the page is opened without problems. However the same thing does not work in IE - the page cannot be displayed. I am really confused.

In your constellation s_client should print a certificate chain with 2 certificates in it...
* the root cert (from the CAfile) and
* the intermediate cert (provided by the server)

Bye
Goetz

--
DMCA: The greed of the few outweighs the freedom of the many
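The pathlen fix from the summary above can be reproduced offline with the openssl command line. This is an added example, not part of the original messages; the subject names, file names and the helper functions make_chain, issue and chain_status are constructed for illustration.

```shell
#!/bin/sh
# Added example: all names, subjects and paths here are constructed.

# make_chain DIR PATHLEN: root CA (pathlen:PATHLEN) -> intermediate CA -> server cert
make_chain() {
    dir=$1
    mkdir -p "$dir" || return 1
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[root_ext]
basicConstraints = critical,CA:TRUE,pathlen:$2
keyUsage = critical,keyCertSign,cRLSign
[inter_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf_ext]
basicConstraints = CA:FALSE
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/ca.cnf" \
        -extensions root_ext -subj "/CN=Test Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    issue "$dir" inter root "/CN=Test Intermediate CA" inter_ext &&
    issue "$dir" leaf inter "/CN=www.example.test" leaf_ext
}

# issue DIR NAME ISSUER SUBJECT EXT_SECTION: new key and CSR for NAME, signed by ISSUER
issue() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "$4" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -days 1 -CA "$1/$3.pem" -CAkey "$1/$3.key" \
        -CAcreateserial -extfile "$1/ca.cnf" -extensions "$5" \
        -out "$1/$2.pem" 2>/dev/null
}

# chain_status DIR: verify the server cert; only the root is trusted
chain_status() {
    out=$(openssl verify -CAfile "$1/root.pem" -untrusted "$1/inter.pem" \
        "$1/leaf.pem" 2>&1) || true
    case $out in
        *"path length constraint exceeded"*) echo pathlen-exceeded ;;
        *": OK"*) echo ok ;;
        *) echo other ;;
    esac
}

work=$(mktemp -d) || exit 1
trap 'rm -rf "$work"' EXIT
for n in 0 1; do
    make_chain "$work/pathlen$n" "$n" || echo "openssl failed for pathlen:$n" >&2
    echo "root pathlen:$n -> $(chain_status "$work/pathlen$n")"
done
```

With pathlen:0 the root may only sign end-entity certificates, so the three-certificate chain is rejected with "path length constraint exceeded"; with pathlen:1 the same chain verifies.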