Hi
I just started to try gererating certificates for machine authentication
with openssl.
But im not so successful. I can generate client certificates but im not
sure about the difference between client and machine certificates.
Do i have to change the x509_extensions in the openssl.cnf file? How
Yes you should edit the x509_extensions in the openssl.cnf
I think the following will be minimal set for a ssl server host cert:
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
nsCertType= server
extendedKeyUsage= serverAuth,msSGC, nsSGC
On
Do you have an example of a openssl.cnf file.
Do i have to consider something else instead of the openssl.cnf file
Marcel
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Babak Nasri
Gesendet: Mittwoch, 20. Juli 2005 11:49
An:
Hi,
I'm currently testing an OCSP Responder and need to include the following test
cases:
1. Sending an OCSP request with an invalid protocol version
2. Sending an OCSP request with the CRL Reference extension
3. Sending an OCSP request with the Archive Cutoff extension
4. Sending an OCSP
I am developing an application that uses libcurl for online support.
The application is linux based. The windows counterparts of the app
are using WinInet to do the same jobs. The problem I am facing is as
under.
When the app has to access an https based url and the host server
presents a self
I kept researched why it stopped at aix_ppc32.o aix_ppc32.s...
Now I found the problem...
My AIX 5.1 doesn't have /dev/random and /dev/urandom!!! So where can I get /dev/random and /dev/urandom? Or How can I install them?
I appreciate your help. Thanks.
TomTom Spence [EMAIL PROTECTED] wrote:
Hi,
I don't know how I can set the issuer value which will appear in the
certificate after I signed it.
Someone can help me?
bye
pana
__
OpenSSL Project http://www.openssl.org
User Support Mailing
On Tue, Jul 19, 2005, Thomas George wrote:
Hi,
I'm new to OpenSSL, and I'm hoping someone can tell me the easiest/best way
to parse an email address from a X.509 V3 client email cert.
Any suggestions would be appreciated.
The -email option of the x509 utility will do that.
Steve.
--
Use EGD ( Entropy Gathering Daemon ) on AIX 5.1 and
below...
http://egd.sourceforge.net/
HTH,
Lamar
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom
SpenceSent: Wednesday, July 20, 2005 10:42 AMTo:
openssl-users@openssl.orgSubject: Re: OpenSSL 0.9.8 with AIX
5.2
I
Hello,
I am using openssl (version 0.9.7) to support PKI
authentication to my product and I would like to implement revocation support, I
have successfully implemented support for a CA that publish a full CRL but I have
a problem working with CAs that publishes partitioned CRLs.
For
On Wed, Jul 20, 2005, Hagai Yaffe wrote:
Hello,
I am using openssl (version 0.9.7) to support PKI authentication to my
product and I would like to implement revocation support, I have
successfully implemented support for a CA that publish a full CRL but I
have a problem working with
I am not familiar with the term IDP partitioning (does IDP stands for
Issuing Distribution Point?).
The partitioning is not by reason codes, Every X certificates are
pointed to a certain CDP to reduce CRL's size, CRL's are separated by
the Issuing Distribution Point extension.
I am sorry but I
On Wed, Jul 20, 2005, Hagai Yaffe wrote:
I am not familiar with the term IDP partitioning (does IDP stands for
Issuing Distribution Point?).
Yes IDP is Issuing Distribution Point.
The partitioning is not by reason codes, Every X certificates are
pointed to a certain CDP to reduce CRL's
/dev/random was not officially added to the OS until
5.2.
See the following from the AIX 5.2 Differences
Guide:
Lamar
Quoted...
9.20 Cryptographically secure pseudo-random numbers
AIX 5L Version 5.2 now supports a cryptographically secure
pseudo-random number generator (PRNG). Random
I am going to put my /very/ unknowledgeable foot forward, to the effect
that with aix4.3.3 and the IBM supplied openssl binaries, IBM supplied a
PRNG in rpm format that you had to install first. That may still be
around...I still have it as
prngd-0.9.23-3.aix4.3,ppc.rpm
would this help?
I have developed a CGI that uses OpenSSL and it is building fine using
0.9.7e. Following the release of 0.9.8 I tried rebuilding with the new
release. However, I am getting the following link errors:
libeay32.lib(cryptlib.obj) : error LNK2001: unresolved external symbol
[EMAIL PROTECTED]
I just had the weirdest day ever. At first I thought PayPal's EWP
system decided to flake out. From staring at the problem all day, and
talking to PayPal support for a couple hours, and then having the
problem fix itself (without either PayPal or myself doing anything!)
makes it appear to me
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Suggestions? I could try hammering PayPal's service with an automated
script that generates an encrypted and signed block and then submits it
until I get one that is deemed bogus, but I don't think they would
appreciate that.
Well an
Dr. Stephen Henson wrote:
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Suggestions? I could try hammering PayPal's service with an automated
script that generates an encrypted and signed block and then submits it
until I get one that is deemed bogus, but I don't think they would
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Dr. Stephen Henson wrote:
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Well an indication of the error codes would help. Something just not
working doesn't help much...
I don't have access to PayPal's internal systems and neither did the
On Tue, Jul 19, 2005, Milan Tomic wrote:
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Milan Tomic
Sent: Monday, July 18, 2005 1:20 PM
To: openssl-users@openssl.org
Subject: PKCS12_parse() fails (0.9.8.)
PKCS12_parse() fails (returns
Dr. Stephen Henson wrote:
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Dr. Stephen Henson wrote:
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
Well an indication of the error codes would help. Something just not
working doesn't help much...
I don't have access to PayPal's internal
On Wed, Jul 20, 2005, Thomas J. Hruska wrote:
As I said, their solution to the problem seemed hack'ish. As to the
signing time, I just tried rolling my system clock back to the timeframe
where I was having problems and it still works fine. Again, I seriously
doubted this would affect
On Tue, Jul 19, 2005, Edward Chan wrote:
That part of the code remains the same, and continues to work fine. By
the way, my last code snippet should have been:
U8* tmp = buf;
RSA* pub = d2i_RSAPublicKey(0, (const U8**)tmp, len);
I mistakenly typed *len instead of len.
Anyways, after
Hmm, well, I guess I assumed i2d_RSAPublicKey() was ok since the RSA key
seems fine (I ran RSA_check_key() on it and it says it is ok). Is there
any reason why i2d_RSAPublicKey() would not be returning me valid data?
int len = i2d_RSAPublicKey(rsa, 0);
returns me something 0, so I assumed that
25 matches
Mail list logo