RE: printing a certificate

2010-06-01 Thread Arunkumar Manickam
Look at openssl-*/apps/x509.c Arun -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dallas Clement Sent: Wednesday, June 02, 2010 9:50 AM To: openssl-users@openssl.org Subject: printing a certificate Hi, Would someone kindly

printing a certificate

2010-06-01 Thread Dallas Clement
Hi, Would someone kindly tutor me on how to print out a certificate programmatically? I know how to extract the common name, but was just wondering if there is an API function to just print the whole thing in human readable form? X509 *pX509Peer = SSL_get_peer_certificate( pSsl ); if ( pX5

Re: Openssl req command

2010-06-01 Thread Jamrock
"Dave Thompson" wrote in message news:ee558ada74ef4896a656a182b39d9...@prinpay.com... > > From: owner-openssl-us...@openssl.org On Behalf Of Jamrock > > Sent: Sunday, 30 May, 2010 06:35 > > > In the past I have created my certificates as follows: > > /etc/pki/tls/misc/CA -newca > > > > openssl re

Client cert verification & SSL_CTX_set_client_CA_list()

2010-06-01 Thread Dallas Clement
Hi All, Could someone help me understand why there is a function SSL_CTX_set_client_CA_list() for telling the client which CAs the server will recognize but no function for telling the server which CAs the client will recognize? In other words, could you please explain the asymmetry? It doesn't

RE: self-signed SSL certificates and trusted root certificate

2010-06-01 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Vieri > Sent: Tuesday, 01 June, 2010 10:25 > --- On Fri, 5/28/10, Dave Thompson wrote: > > Are your clients only browsers (IE? FF?) or apps? > > I was testing with IE6 but am now trying out FF 3.5.9. I went > to the advanced config options

Re: How to make a legit CA cert?

2010-06-01 Thread Dallas Clement
Thanks Mark, that was an extremely helpful explanation. When I asked this question I was hoping to learn if CA certs are self-signed or if there is some other procedure to authenticate a CA cert as being legitimate. From your explanation it sounds like all CA certs are generated by the CA itself

upgrading from 0.9.8l to 1.0

2010-06-01 Thread Steve Leland
I am starting from a working Axis2c 1.6 / OpenSSL 0.9.8l configuration on Win 2008 R2 server. I am using a debug build and the Windows CRTDBG flags to chase a memory leak of 40K per request, and am hoping that an upgrade to OpenSSL 1.0 will get me out of this spot... I'm so close I can taste it

OpenSSL 0.9.8o released

2010-06-01 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 0.9.8o released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 0.9.8o of our open source

RE: self-signed SSL certificates and trusted root certificate

2010-06-01 Thread Vieri
--- On Fri, 5/28/10, Dave Thompson wrote: > FYI: 'self-sign' in PKI means a *cert* that is signed by > its own key, > normally only a CA 'root' cert. Thank you for clarifying. > Right. They are, and you want to be, another CA. Exactly. > > So I published MY-CA/cacert.der as shown below. >

OpenSSL 1.0.0a released

2010-06-01 Thread OpenSSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 OpenSSL version 1.0.0a released === OpenSSL - The Open Source toolkit for SSL/TLS http://www.openssl.org/ The OpenSSL project team is pleased to announce the release of version 1.0.0a of our open source

Re: How to make a legit CA cert?

2010-06-01 Thread Mark H. Wood
This should be more widely understood: an application considers a CA trusted because some human told it so. There is no other way. The "recognized" CAs are trusted by e.g. your browser because the maker of the browser decided to trust them and so put them into the list of trusted CAs that is pac

Re: CA cert installed/imported but they are not trusted

2010-06-01 Thread apps4u
Sander Temme wrote: > > > On Apr 9, 2010, at 3:02 AM, Götz Reinicke - IT Koordinator wrote: > >> [r...@ldap1 ~]# openssl s_client -connect ldap1.filmakademie.de:389 >> -showcerts -CAfile /etc/openldap/CA_falu/CA.pem >> CONNECTED(0003) >> 5066:error:140790E5:SSL routines:SSL23_WRITE:ssl ha