Re: Where is the CRL

2006-04-27 Thread Martin Müller
--snip-- So, where is the DB? I can't find one in the subdirectories under /usr/lib/ssl/ . The files which are in there, are completely empty and they don't get a new modification date. Should be a file called index.text under demoCA but if openssl.cnf has been modified from the OpenSSL d

Re: Where is the CRL (was: Revoke a PCKS12)

2006-04-27 Thread Dr. Stephen Henson
On Thu, Apr 27, 2006, Martin Müller wrote: > Thank you for your quick answer. I'm a bloody rookie in owning a CA. > > So my next Problem: > My Debian Sarge doesn't write a CRL after the command openssl ca -revoke > client2N.cert. I'm getting the following messages > > Using configuration from /usr/

Re: [DEV] OpenSSL and Microsoft Windows

2006-04-27 Thread Dr. Stephen Henson
On Thu, Apr 27, 2006, Matthieu BONETTI wrote: > Hello, > > I agree on the fact that MS can import/export certificates in DER format (and > pk12 as well). > I'm not familiar with MS system and MS programmation but I understood that > Windows really stores > certificates in pieces (In the registr

Re: [DEV] OpenSSL and Microsoft Windows

2006-04-27 Thread Kyle Hamilton
If it's exported as a DER file, it's already in an X509 structure. If it's exported as a PKCS#12 file, then OpenSSL has tools for parsing that too. I don't really understand what your problem is. MS's cryptography system is built around the concept of FIPS compliance. That means that it's almos

Re: creating a CSR PKCS#10

2006-04-27 Thread Dr. Stephen Henson
On Thu, Apr 27, 2006, K Vu (sent by Nabble.com) wrote: > > Hello, > > I'm very new to openssl. I wanted to create a CSR PKCS#10 & tried the > following command: > > openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem > -out certs/ca.cert > > and I got the following err

creating a CSR PKCS#10

2006-04-27 Thread K Vu (sent by Nabble.com)
Hello, I'm very new to openssl. I wanted to create a CSR PKCS#10 & tried the following command: openssl req -config openssl.cnf -new -x509 -days 1001 -key private/cakey.pem -out certs/ca.cert and I got the following error: 3809286:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG n

Where is the CRL (was: Revoke a PCKS12)

2006-04-27 Thread Martin Müller
Dr. Stephen Henson wrote: On Thu, Apr 27, 2006, Martin Müller wrote: Hi! Is it possible to explain me shortly, how to revoke a pcks12-File? BTW: I don't have the .pem-Files anymore. A PKCS#12 file is a container so your question is a bit like asking how to revoke a .zip file.. If y

Re: Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread Dr. Stephen Henson
On Thu, Apr 27, 2006, Ambarish Mitra wrote: > Ok, I understand. Let me rephrase the question. The sender has digitally > signed a message and sent it to our application. The sender also has sent > his cert. Using the cert, we have to verify the signature. > > Honestly, I am sorry for posting an i

Re: Revoke a PCKS12

2006-04-27 Thread Dr. Stephen Henson
On Thu, Apr 27, 2006, Martin Müller wrote: > Hi! > > Is it possible to explain me shortly, how to revoke a pcks12-File? > BTW: I don't have the .pem-Files anymore. > A PKCS#12 file is a container so your question is a bit like asking how to revoke a .zip file.. If you want to revoke a certificat

Re: OpenSSL versus Verisign

2006-04-27 Thread Victor Duchovni
On Thu, Apr 27, 2006 at 03:39:47AM -0700, Wakatou (sent by Nabble.com) wrote: > My commercial company needs to secure its databases and file transmissions. > We need to reassure the client that our site and his datas are secured on > our application. Therefore, we need to make sure he knows the se

Revoke a PCKS12

2006-04-27 Thread Martin Müller
Hi! Is it possible to explain me shortly, how to revoke a pcks12-File? BTW: I don't have the .pem-Files anymore. THX, Martin

Re: OpenSSL versus Verisign

2006-04-27 Thread Wes Kussmaul
This particular exchange ought to be forwarded to every CEO, every stockholder and, hey, everyone who uses a computer. I was on dozens of radio shows last summer talking about how bad things were going to get if we didn't start really thinking about the foundations of our information infrastr

Re: libcrypto.a

2006-04-27 Thread Richard Levitte - VMS Whacker
In message <[EMAIL PROTECTED]> on Thu, 27 Apr 2006 13:59:59 +0200, "Saurabh Arora" <[EMAIL PROTECTED]> said: tanish2k> Thankyou openssl group for your overwhelming, ZERO help support. You know, you sent the first mail about 24 hours ago, and you seem to expect the kind of support you'd normally

RE: Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread Ambarish Mitra
Ok, I understand. Let me rephrase the question. The sender has digitally signed a message and sent it to our application. The sender also has sent his cert. Using the cert, we have to verify the signature. Honestly, I am sorry for posting an ill-formed question earlier. AM. -Original Messag

Re: libcrypto.a

2006-04-27 Thread Saurabh Arora
Thankyou openssl group for your overwhelming, ZERO help support. i found out libcrypto.a is build everytime you compile the openssl. but i am still having problems. i am trying to add my custom extension under the standard extension stack. (my company have acquired OIDs) steps: - add entries (s

RE: Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread Gayathri Sundar
what do you mean by "decrypt a signed message"? either u have to decrypt the encrypted message, or rehash and check the msg digest i.e the sha/md5 signature. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ambarish Mitra Sent: Thursday, April 27, 2006 5:16 PM

RE: Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread Ambarish Mitra
David, Thanks a lot. This worked. Next logical question is: using this public key, how do I decrypt a signed message? This signed message was signed by the corresponding private key, and naturally, my application does not have that. My application has the cert, and this signed message. How to ver

RE: Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread David Schwartz
> Hi all, > > How to extract the public key from the certificate? 1) Read in the certificate. 2) Extract the public key. > I have a question on the function: PEM_read_RSA_PUBKEY and > PEM_read_bio_RSA_PUBKEY. > > The argument to these function is FILE *fp and BIO *bp respectively

RE: OpenSSL versus Verisign

2006-04-27 Thread David Schwartz
> Hello, > > My commercial company needs to secure its databases and file > transmissions. > We need to reassure the client that our site and his datas are secured on > our application. Therefore, we need to make sure he knows the security > standard we are using. We would like to use OpenSSL but

Question on PEM_read_RSA_PUBKEY

2006-04-27 Thread Ambarish Mitra
Hi all, How to extract the public key from the certificate? I have a question on the function: PEM_read_RSA_PUBKEY and PEM_read_bio_RSA_PUBKEY. The argument to these function is FILE *fp and BIO *bp respectively. Does this argument contain a X509 certificate? This I ask, since the public key is

Re: OpenSSL versus Verisign

2006-04-27 Thread terr
Go with OpenSSL On Thu, Apr 27, 2006 at 03:39:47AM -0700, Wakatou (sent by Nabble.com) wrote: > > Hello, > > My commercial company needs to secure its databases and file transmissions. > We need to reassure the client that our site and his datas are secured on > our application. Therefore, we ne

OpenSSL versus Verisign

2006-04-27 Thread Wakatou (sent by Nabble.com)
Hello, My commercial company needs to secure its databases and file transmissions. We need to reassure the client that our site and his datas are secured on our application. Therefore, we need to make sure he knows the security standard we are using. We would like to use OpenSSL but we need to ma

Re: [DEV] OpenSSL and Microsoft Windows

2006-04-27 Thread Matthieu BONETTI
Hello, I agree on the fact that MS can import/export certificates in DER format (and pk12 as well). I'm not familiar with MS system and MS programmation but I understood that Windows really stores certificates in pieces (In the registry, in files in UserData directory). So what I need is to get

Re: [DEV] OpenSSL and Microsoft Windows

2006-04-27 Thread Kyle Hamilton
Technically, DER is Distinguished Encoding Rules, a subset of Basic Encoding Rules. OpenSSL can use '-inform DER' to state that it's in DER instead of PEM. PEM is just an ASCII-64 version (akin to uuencoding) of the DER data. [and don't get me started on XER.] -Kyle H On 4/27/06, [EMAIL PROTEC

Re: [DEV] OpenSSL and Microsoft Windows

2006-04-27 Thread dsf
I think yes. MS stores certificates in DER format. You can pass it to OpenSSL with "-inform DER" key. Or you can convert DER to PEM with OpenSSL. > Hello, > > Is there a way to use Microsoft stored certificates with OpenSSL? I can't > find anything on this. > I can access to those certifica