Re: [openssl-users] SSL_CTX_load_verify_locations only with CAPath

2015-07-05 Thread David Thompson
From: openssl-users On Behalf Of Dr. Roger Cuypers Sent: Friday, July 03, 2015 11:01 I'm trying to do peer client verification using the SSL_CTX_load_verify_locations function snip: CAfile works However, setting only CAPath will not: snip This will result in a

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread David Thompson
From: openssl-users On Behalf Of Walter H. Sent: Sunday, July 05, 2015 06:49 snip: CentOS default openssl req -new -newkey rsa:2048 -subj '/CN=Squid SSL-Bump CA/C=/O=/OU=/' -sha256 -days 365 -nodes -x509 -keyout ./squidCA.pem -out ./squidCA.pem the question: where does the serial number

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Walter H.
On 05.07.2015 14:19, David Thompson wrote: Quoting the man page for req(1) -- although depending on the packaging which I don't know for CentOS it may be a different section like 1s or 1ssl -- and also on the web https://www.openssl.org/docs/apps/req.html -x509 this option outputs a self

[openssl-users] Certificate serialnumber?

2015-07-05 Thread Walter H.
Hello, I'm using openssl command-line in a Linux-Box (CentOS 6.x with squid) like this: I haven't defined anything - everything is set default from the linux distribution openssl req -new -newkey rsa:2048 -subj '/CN=Squid SSL-Bump CA/C=/O=/OU=/' -sha256 -days 365 -nodes -x509 -keyout

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread David Thompson
From: openssl-users On Behalf Of Ben Humpert Sent: Sunday, July 05, 2015 07:58 Take a look in your openssl.cnf and you should see the option serial with a path / file specified. The serial number is taken from that file. If the file doesn't exist or is empty when the very first certificate

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Ben Humpert
Take a look in your openssl.cnf and you should see the option serial with a path / file specified. The serial number is taken from that file. If the file doesn't exist or is empty when the very first certificate is created then 01 is used as a serial for it. Rich Salz recommended me this SSL

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Salz, Rich
the question: where does the serial number for this certificate come from? is it random by default when nothing is said about it? It will be random if (a) the serial file does not exist; and (b) you specify the -create_serial flag. Otherwise it opens the file, reads the number (defaulting

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Dr. Stephen Henson
On Sun, Jul 05, 2015, Salz, Rich wrote: the question: where does the serial number for this certificate come from? is it random by default when nothing is said about it? It will be random if (a) the serial file does not exist; and (b) you specify the -create_serial flag. Otherwise

Re: [openssl-users] Certificate serialnumber?

2015-07-05 Thread Salz, Rich
Unless I'm misreading the code an absent serial number file is an error. I was looking at load_serial() in apps.c, with the |create| parameter. /r$