Charles Walker wrote:
>
> One of my colleagues is currently at a customer who has a product called
> SecureLink, by OpenMarket. I don't know too much about this product,
> except that it talks SSL. It has a database which contains a private
> key, a public key, and the certificate. We have bee
Arnaud De Timmerman wrote:
>
> Dear all,
>
> Is there a way to automagically import a pkcs12 file in IE (4 & 5) ?
>
There probably is because many bits of MS software do this. However MS
won't document the API at this time so the best you can do is to convert
a PKCS#12 file to a form MS CryptoAP
[EMAIL PROTECTED] wrote:
>
> Sorry, this is long.
>
> I would like to generate a self-signed Certificate for internal testing
> purposes.
> I've downloaded OpenSSL 0.9.5a and have played a bit with the utilities.
>
> Netscape Enterprise (Suitespot) Server provides the means to generate
> key-pa
[EMAIL PROTECTED] wrote:
>
> The problem is Netscape's alias-key.db and alias-cert.db file format.
> Using Netscape utilities, you generate the key pair.
> The admin server has a link that will generate the CSR.
> You can cut and paste the CSR and submit it to a CA.
> When I tried to run it throu
Martin Lohner wrote:
>
> Hi,
>
> I used CA.pl to generate a CA and signed a certificate for myself.
> (Default openssl.cnf; OpenSSL 0.9.5 28 Feb 2000)
> After importing the cert to Netscape I send a signed message to myself
> using the mutt email client.
>
> First question - maybe this one is fo
Mike Zeoli wrote:
>
> Hello Everyone,
>
>
>
> As stated before, this same certificate chain gets verified just fine when
> doing server authentication only.
>
> I have debugged into the library and know the following additional
> information:
> - In x509_vrfy.c:check_chain_purpose(), in the s
Mike Zeoli wrote:
>
> First, thanks for all your help, Steve.
>
> I'll add the appropriate extensions to the certificate.
>
> To follow up on what you said below, Why does the "intermediate" CA
> certificate only show up as invalid when doing client and server
> authentication, and not when doi
xiaohudong wrote:
>
> Hi,
> Thanks for Coronado's answer first.
> But I think my problem is not that.
> I generated three certificates, one is self signed for CA, one is for IIS server, and
> the last one is for IE. The last two are signed by the first one.
> I get every certificate in the righ
> Rosario Riccio wrote:
>
>
> I use ActiveX certenr3.dll (version 4.70.0.1150): it seems that key
> generation procedure is OK, but when I try to sign the certificate
> request in my Perl script with
>
Simple answer, don't use certenr3.dll. It's broken and has nasty security
holes. Use Xenroll.
xiaohudong wrote:
>
> Hello,
> Ahha, so many answers, thanks everyone.
> Now the problem seems more clear: the acceptable CA list sent by IIS is empty.
> But I still don't know why this happens. My platform is Win2000 Professional
> +IIS5.0, I think I have setup everything. I think that th
zhu qun-ying wrote:
>
> I encounter an error while trying to compile a small test program to read a
> pkcs12 formatted file. The line below gives compiler err:
>if (!(authsafes = M_PKCS12_unpack_authsafes (p12)))
>
> error C2664: 'ASN1_seq_unpack' : cannot convert parameter 4 from
> 'void (s
Kishore Gummadidala wrote:
>
> Dear all,
>
> I have a question which I hope someone can help me
> with. So here goes..
>
> I am trying to sign code, and package it in a PKCS7
> file. The sample program in crypto/pkcs7 namely
> sign.c and verify.c have served my purpose quite
> well. Many thanks
Martin Szotkowski wrote:
>
>
>
> >
> > SET OF should be sorted but the request is not sorted, or not sorted
> > correctly.
>
> where is defined order?
>
Each SET OF component should be in lexical order, it is in the DER
encoding rules. If you check the SET OF stuff using dumpasn1 you get:
Randall Ward wrote:
>
> Thanks for such a fast reply. I think that I'm still missing something about
> the parameters to PEM_read_PrivateKey and the callback.
>
> Based on what I learned from a posting from a few days ago, I am calling
> PEM_read_PrivateKey(fp, x, cb, u) where the parameters are
David Ahrens wrote:
>
> Hi,
>
> I'm using openssl to generate a certificate request.
> When I try to build the subject name from a given DN, there are problems
> with the DER encoding.
>
>I've attached a code fragment and the resulting PEM encoded certificate
> request.
>
Not sure wh
Michael Sierchio wrote:
>
> The man page at www.openssl.org seems to imply that this supports
> signing,
> but this fails:
>
> openssl dgst -dss1 -sign privkey.pem test.txt
> unknown option '-sign'
>
> Is there an example of using the openssl app to create DSS1 signatures?
> Tha
Richard Browne wrote:
>
> Is it possible to use openssl to add authorityInfoAccess extensions when
> signing a certificate? If so... how?
>
Yes, syntax is:
authorityInfoAccess= OID1;type, OID2;type
where 'type' has the same syntax as subjectAltName for example
authorityInfoAccess = OCSP;URI:
Marco Donati wrote:
>
> I wrote the following simple code to read a private key that's inside a
> PKCS12 object:
>
[stuff deleted]
>
> the PKCS12_parse always fail reporting
> PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE.
>
> Stepping inside it I've seen that PKCS12_verify_mac fails repor
Oleg Amiton wrote:
>
> Salam!
>
> Some time ago I was testing an application, signing and verifying
> signature on files. It works OK when I used for signing the test
> certificate, included in the OpenSSL
> distribution (apps/server.pem). Private key was read by
> PEM_read_bio_PrivateKey(in,NULL
[EMAIL PROTECTED] wrote:
>
> All,
>
> I would like to get OpenSSL to trust a CA which doesn't have a root cert,
> basically an intermediate CA..
> With a browser you can define a list of intermediate trusted CA so that you
> don't need the root cert which signed the intermediate cert.. I would l
Nicolas Roumiantzeff wrote:
>
> Hi all,
>
> I have a problem with an SSL server that uses a self-signed certificate.
> Using the standard callback function to check the certificate chain I get
> the X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT error and if I simply ignore this
> specific error then an
Some people have reported success by converting the key to NET format:
openssl rsa -in prkey.pem -outform NET -out key.net
The latest snapshot of OpenSSL also has an -sgckey flag which is needed
on some versions of IIS which use a modified algorithm.
Steve.
--
Dr Stephen N. Henson. http://www
Julien Guisset wrote:
>
> Hi
> I am trying to use Certificates for a personal application.
> I have some problems with X509_sign() and X509_verify().
>
> I am trying to sign a client CA with :
>
> X509_sign(certif, SERVER_private_key, EVP_md5());
>
> and then verify it with
>
> X509_verify(
"Kane, Brandon (NJAOST)" wrote:
>
> I'm trying to verify a server certificate, as part of a cert chain. One of
> the CA certs, a verisign intermediate cert, fails in the verify process. I'm
> getting an "invalid CA certificate" error in the callback function. What's
> strange is that if I call:
Martha Greenberg wrote:
>
> I was able to convert the certificate with openssl pkcs7, and I installed
> the first part of it. However, now when I view the page in netscape, I get
> the message:
>
> safetymarket.safetydirector.com is a site that uses encryption to
> protect transmitted informat
s can cause all manner of misbehaviour in Netscape. What
version of Netscape are you using BTW and does your certificate include
BMPStrings?
>
> Dr S N Henson wrote:
> >
> >
> > This is one of the symptoms of a corrupted key and certificate database.
> > Back up any
Sean Walker wrote:
>
> I'm working with some data generated by a program that I have no control
> over. I am trying to verify a pkcs7 signature generated by it. Could someone
> take a look at the data I have and tell me what utilities I should use to
> accomplish this? I've never had to deal with
Sebastiano Di Paola wrote:
>
>
> Thanks for your answer,
> I thought I had fixed my error thanks to the tip above given,
> but less changed.
> In the source code below I try to make 3 times the same operation.
> 3 different values are given as the result of the SHA1.
> I'm using openssl 0.9.5.a
Angus Lee wrote:
>
> >= Original Message From [EMAIL PROTECTED] =
> > > I could use OpenSSL to decrypt this signed and encrypted message. Then
> when I
> > > verify the digital signature, OpenSSL told me that 'content and data
> present'.
> > > Is there anything wrong with my code?
> > Ca
Angus Lee wrote:
>
>
> b4dec.txt is the original signed and encrypted message, while afterdec.txt is
> what I got after decryption. cityuca.pem is the CA certificate of the signer.
>
OK. I've included a work around to the dev version of OpenSSL. It will
be in OpenSSL 0.9.6. If you want to fix
Angus Lee wrote:
>
> >= Original Message From [EMAIL PROTECTED] =
> >Ugh. I checked OpenSSL (Netscape?) 4.73 too and it does the same. The cause
> is that
> >Netscape isn't properly excluding the content. It is including a zero
> >length content. This is a recent addition to Netscape and
Markus Wagner wrote:
>
> Hi,
>
> when signing new certificates with openssl ca one can use the -config
> option to specify which CA and options to use.
>
> But when creating a self signed root certificate there is no such
> option.
There is an equivalent option. The normal way to create a self
Marco Donati wrote:
>
> > The usual way to do this kind of thing is to write your own RSA_METHOD
> > to hand over the signing operation (which will probably be
> > RSA_private_encrypt() ) to the smart card, then place the result in an
> > EVP_PKEY structure.
> > What this ultimately does it calls
Sebastiano Di Paola wrote:
>
> Dr S N Henson wrote:
>
> > Sebastiano Di Paola wrote:
> > >
> > > Hi all,
> > > well this could seem a stupid question,
> > > I would like to know if there is a function provided with openssl to
> > > g
Michael Mason wrote:
>
> Hi folks,
>
> I'm new here so feel free to point me at TFM.
>
> I'm using openssl and would like to sign messages using RSA. From the docs,
> it looks like I'm trying to use "openssl rsautl", but my from-source build
> of 0.9.5a doesn't seem to have this command impleme
Soul Fire wrote:
>
> Folks,
>
> Any ideas as to why this is happening ?
>
> $ openssl pkcs12 -in ./newcert.pem -inkey ./newreq.pem -certfile
>../private/CAcert.pem -out newcert.p12
>
> 3652:error:0D06B078:asn1 encoding routines:ASN1_get_object:header too
>long:asn1_lib.c:139:
>
You need t
Dicky Liu wrote:
>
> Hi, all,
>
> Currently, we have an existing system running on Windows NT using
> Microsoft's cryptoAPI which has been working okay for us. We now want to be
> able to connect to this system from a UNIX platform to transfer, sign, and
> validate data. For the UNIX platfor
Dicky Liu wrote:
>
> Thanks for the info... but was there anything obviously wrong with that test
> application that I wrote??
>
It looks OK to me but I haven't tried running it myself.
In the latest beta you can use the new -sign and -verify options on the
digest commands to generate and che
Robert Brown wrote:
>
> Hi folks,
>
> I am new to OpenSSL stuff.
>
> I configured and compiled SSL build 0.9.5a. I used VC++ (6.0) to tinker and
> build the cli.c program. I could get it to compile OK. Then I
> copied the *.dll files to the execution path and then started stepping
> through t
Zhang Jianyu wrote:
>
>
> Then, I wanted to create the sub-keys & certificates signed by the root key and
> certificate. The commands I used are as follows:
>
> openssl req -new -nodes -keyout mykey.pem -out myrequest.csr -days 365
> openssl x509 -in myrequest.csr -out mycert.crt -req -CA root.crt
Zhang Jianyu wrote:
>
> Dr S N Henson wrote:
>
> >Check out the -extfile and the -extensions options in the x509 manual
> >page.
>
> >You'll normally set those to point to the config file and either the
> >end user extension section "usr_cert"
"Bill G." wrote:
>
> Hello List,
>
> I am trying to write a simple SSL server in C but keep getting
> a "no shared cipher" error. I'm fairly certain the key and certificates
> are OK because they work with openssl s_server.
>
> I have been playing with this code for several days and am at a lo
Marco Donati wrote:
>
> >PKCS#12 files under OpenSSL are intended to have a key and a matching
> > certificate. AFAIK the same is true of Windows and Netscape
> > import/export routines.
>
> yes, but what if you still have to request it to a CA...
>
> > What do you want a private key alone in PK
Marco Donati wrote:
>
> I've solved my problem and I'd like to thank everybody who wrote me.
>
> I modified my low level sequence (the code I posted) to build a pkcs12
> bundle with one bag, keeping "shrouded" private key, so I used
> PKCS12_MAKE_SHKEYBAG/PKCS12_pack_p7data INSTEAD of
> PKCS12_M
Shashank wrote:
>
> Hi,
>
> I tried to create pkcs#8 certs, but on the very first step when I type
>
Well you'll have a problem there. There's no such thing as a "pkcs#8
certificate". PKCS#8 is a private key format.
> D:\certs>bash CA.sh -newca
> CA certificate filename (or enter to create)
>
Matthew Cross wrote:
>
> I can't find enough documentation regarding the setup of RC2 and DES.
> RC4 seems straight forward enough. Could someone post the 15 lines of
> code that I need?
>
If you are using the EVP interface then usage is identical except the IV
isn't used with RC4.
Use of the
secret wrote:
>
> Are there any simple code examples for using OpenSSL? There is a
> examples directory, but I can't get those to compile, and the readme
> says to not expect them to compile.
>
> The documentation seems very confusing to me, a sample client & server
> that establish a simple SS
> Matthew Cross wrote:
>
> I've read the docs. I've seen the source. I still don't totally
> understand.
>
> I'm trying to be a good doobie and use the High-level EVP_ functions
> for my RC4, RC2, and DES
> calls. But what about setting up the key? If I'm doing password
> based stuff do I ne
Aram Khalili wrote:
>
> Hello,
>
> I'm trying to include domain information into an X.509 cert Distinguished
> name. RFC2247 outlines Using Domains in LDAP/X.500 Distinguished Names.
> I've tried to include domainComponent, DC and dc in the configuration file
> under the [ req_distinguished_name
Lee Melville wrote:
>
> Hi,
>
> Here's my problem, the following code encrypts a file (I think it does
> anyhow), the test file that I use starts off as 22 bytes, the encrypted
> version is 24 (I am not sure this is relevant). Anyhow the problem is when
> I come to decrypt the file using the o
tangquan wrote:
>
> you can verify your signature using openssl/crypto/pkcs7/verify.c .
> according to my experience, Netscape makes a standard pkcs7 digital
> signature and encode it in base64 format.
>
You can but that's not advisable. With OpenSSL 0.9.6 you should use the
'smime' application.
Paulius Bulotas wrote:
>
> Hello,
>
> when I create server certificate, install it into apache, when viewing
> certificate from IE, it shows every possible usage, but in my openssl.cnf is
> only keyUsage=nonRepudiation [for test purposes].
> What am I doing wrong and how to do it correctly ;)
>
George Staikos wrote:
>
>
> The problem only seems to be reproducible on Redhat 7.0 so far, but I
> haven't had enough people test it yet. Basically, RSA/Verisign signed
> certificates all are determined to be expired by the X509 verification code.
> Thawte certificates work fine. Also if I
Frank Balluffi wrote:
>
> I am confused about how to check a key usage extension. I see that ca_check
> "calls" ku_reject, which uses the X509 ex_flags element.
>
> Is it necessary to use the ku_reject method or is it possible to call
> d2i_ASN1_BIT_STRING (to decode the KeyUsage BIT STRING) and
Shawn Page wrote:
>
> Why is it not advisable to use openssl/crypto/pkcs7/verify.c ?
>
Because it uses various internal functions that are tricky to handle and
subject to change whereas apps/smime.c uses a simpler high level API.
Though admittedly it isn't really documented yet but it will be.
admin wrote:
>
> Hi,
>
> I import my pkcs12 personal certificate (openssl generated) into IE5.5. It
> takes it without a problem and puts everything in its place: CA cert,
> personal cert, private key.
>
> The problem is that once I set up the initial security level on the private
> key (low,
Carsten Rhod Gregersen wrote:
>
>
> IBM still tell me that the connection is dropped because the
> header size doesn't match the packets. This of course could
> also be an IBM ssl-stack problem, but they deny that..
> (of course)
>
Can you get some more info on the precise cause? That is what he
Ramkumar Venketaramani wrote:
>
> Hi,
>
> I am trying to verify a server cert that is signed by an Intermediate CA
> (like Verisign International Server CA) but am getting an "Invalid
> Certificate" error. I understand from the mailing list that this is a known
> issue and there is a fix f
Carsten Rhod Gregersen wrote:
>
> Hi,
>
> Formerly I posted a report concerning connection test with
> client authorisation against an IBM payment gateway.
>
> You requested that I tried with the openssl program again
> but with debug turned on.
>
> I've done that and now I'm experiencing every
Ricardo Stella wrote:
>
> So with the CA's server's private key and cert (converted in pem format)
> I would be able to use them as the CA for openssl, therefore issue certs
> based on this ?
>
> Thanks...
>
Yes that should be possible.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consul
[EMAIL PROTECTED] wrote:
>
> Hello,
>
>
> Specifically, I create a new BIO_s_mem. Write to it with either BIO_puts or
> BIO_write. Then do a BIO_push(b64bio, mbio). Then BIO_read(b64bio, mybuf,
> len). It returns -1. When I ask if I should retry it says yes, but there is
> no output on the seco
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> I've created a CA cert/key for testing but I want to be able to test a longer
> cert chain. Does any one know what should be in the config file if I want to
> create a CA cert req which I would sign with the root CA cert. I have tried:
>
> basicConstraints=C
Iain Betson wrote:
>
> Hi,
>
> I think I've found a problem which prevents the number of rounds of the RC5
> cipher being configured when using the EVP cipher wrapper functions with
> OpenSSL 0.9.6. The default number of rounds for the EVP_rc5_32_12_16_cbc
> cipher is 12. To change this to 16, o
"Hellan,Kim KHE" wrote:
>
> I have succeeded in loading a MIME file by using the following commands:
>
> BIO* bioIndata;
> PKCS7* p7 = SMIME_read_PKCS7(spBio, &bioIndata);
>
> I am able to extract signers certificate, but how do I extract the signed
> text?
> I have tried looking in the
Jim Grimmett wrote:
>
>
> I'm hoping to generate the two keys and encrypt a piece of information
> with the private key into a file and send it to a client. The client will
> have
> the public key and will be able to verify that the information came from
> me, because it'll decrypt successfully
Carles Xavier Munyoz Baldó wrote:
>
> Hi,
> I have a C program that uses the openssl library.
> I need to encode a string in base64.
> Is there any function in the openssl library to do that ?
> What is its syntax?
>
Well one documented way is to use a base64 BIO. Check out the
BIO_f_base64(
"Hellan,Kim KHE" wrote:
>
> However, I had hoped that this functionality (verify/getText) could be
> separated. I am fully aware that in a "real" system it doesn't make sense to
> extract the text without doing a verify.
> But in a test environment, it would be nice to be able to extract the text
Pietro wrote:
>
> Hello everybody,
> I have a problem using PKCS12_parse that returns 0, meaning something
> goes wrong. I am using MS VisualC++ 6.0 on a Windows2000 (Intel)
> machine. I'm writing a simple application just to understand some of the
> libeay library calls, but I can't figure out wh
Bill Klein wrote:
>
> Hi all,
>
> I'm having what seems to be a strange problem. I have code to encrypt some text
>using blowfish, and corresponding code to decrypt it. This works on compiler A: I can
>encrypt some text, and then decrypt the encrypted data correctly. This also works on
>compi
Michael Dingler wrote:
>
> > You need to do...
> >
> > openssl pkcs12 -in xxx.p12 -clcerts -out xxx.pem
> >
> > to only extract client certificates and possibly
> >
> > openssl pkcs12 -in xxx.p12 -cacerts -nokeys -out cas.pem
> >
> > to extract CA certificates.
>
> Oh thanks, that did it. With j
Robert Olson wrote:
>
> I'd like to create client certificates requested from Netscape without
> using 'openssl ca' (I have my own mechanisms for keeping track of stuff
> that ca does).
>
> I can't seem to create a cert request that doesn't have a new
> private/public key pair. This is what I've
Corrado Derenale wrote:
>
> Hi,
> anyone know how to sign a X.509 cert with the attribute:
>
> extended keyUsage
>
> set to
>
> TLS Web server authentication
>
> with the CA command?
>
Read the extension documentation in doc/openssl.txt and the ca manual
page, then edit your config file
"Hellan,Kim KHE" wrote:
>
> Well.
> If I set "flags = PKCS7_BINARY" then SMIME_crlf_copy() in PKCS7_sign() will
> not add the "plain/text" text headers.
> This seems to work, but I'm not sure if that is the right way to do it?
>
If you look at apps/smime.c the option -text is docume
Marco Donati wrote:
>
> Something strange happens if I build a multi signature PKCS7.
>
> If I add a wrong signature (certificate and key not aligned), when I try to
> verify the wrong signature is the LAST.
>
> e.g.:
>
> sign with cert 1, key 1
> sign with cert A, key B (wrong signature)
>
David VERGIN wrote:
>
> Hi,
> I'm trying to get a privatekey from a PKCS12 file. I found an interesting
> example with the sources of OpenSSL in DEMO\PKCS12\pkread.c
>
> I'm working under windows NT4 pack 5 with Visual C++, and I'm having some
> trouble having the example work.
>
> At the line
Matt Walsh wrote:
>
> Hi All (esp SSL protocol experts). Please help me to understand
> something!
>
> In short
>
> What triggers the key exchange during an SSL transaction?
>
[SKE example deleted]
Well your example is probably related to US export versions of browsers.
The old exp
Nagaraj Bagepalli wrote:
>
> >
> >
> >
> > Matt Walsh wrote:
> > >
> > > Hi All (esp SSL protocol experts). Please help me to understand
> > > something!
> > >
> > > In short
> > >
> > > What triggers the key exchange during an SSL transaction?
> > >
> > [SKE example deleted]
> >
> > We
[EMAIL PROTECTED] wrote:
>
> I'm having a bitch of a time getting client verification to work.
>
> I've got the root CA cert, project CA cert, and server and client certs (keys
> with passphrase removed) all in pem encoded format. I've done the following.
>
> 1.Created a new mod_ssl in
David VERGIN wrote:
>
> Unfortunately not. I just have to get it out from a PKCS12 file to load it
> into some hardware.
> I haven't been able to get the crypto library to work right. I didn't find
> how to do it with baltimore tools.
>
Using the openssl tool:
openssl pkcs12 -in file.p12 -out
Peter Sylvester wrote:
>
> maybe you can get some inspiration from the following code.
> The code is not memory leak free.
>
> typedef struct TIAX_st {
> PKCS12 * p12 ;
> EVP_PKEY * pkey ;
> ...
>
> } TIAX ;
>
> int TIAX_login(TIAX * a,char * pass, int passlen)
> {
> ST
Stig Venaas wrote:
>
> Hi
>
> I've figured how to read certificates from a file using
> PEM_read_X509() but how can I access certificates already
> in memory? I guess I could borrow code from the internals
> of PEM_ASN1_read_bio(), but I'm hoping for a better way,
> not depending on too many low
Eric Rescorla wrote:
>
> "Dave Stafford" <[EMAIL PROTECTED]> writes:
>
> > > IE. 56k browsers can not read our ssl (Global 128) websites (I wish we
> > > could
> > > get rid of these buggy IE browsers). Searching the web I found that
> > > versions
> > > of openssl 0.9.5a and higher have this pr
Dean Guenther wrote:
>
>
> unable to load 'random state'
> This means that the random number generator has not been seeded
> with much random data.
> Consider setting the RANDFILE environment variable to point at a file that
> 'random' data can be kept in (the file will be overwritten).
> CONNEC
>
> I will use private keys whose encoding is PKCS#8.
>
> Used open-ssl version is 0.95a ...
>
> Is the usage below valid? If invalid, let me get the right usage please..
>
>
> FILE* fp;
> EVP_PKEY* pkey;
> char keyfile[] = "user1.pem";
>
> fp = fopen (keyfile,
"Visionary Website Creations, Inc." wrote:
>
> At 09:50 PM 11/17/00 +, you wrote:
> >"Visionary Website Creations, Inc." wrote:
> >>
> >> Hi,
> >>
> >> I chatted via IRC with a Thawte tech for about 3 hours. Unfortunately,
> >> we're stumped.
> >>
> >> Here's the problem:
> >>
> >> I generat
"Visionary Website Creations, Inc." wrote:
>
> >
> >What does this alleged certificate look like? Can you read it with
> >
> >openssl x509 -in cert.pem
> >
> >or does it give a similar error? Can you include the certificate file?
> >It doesn't contain anything confidential and it may be packaged
"Visionary Website Creations, Inc." wrote:
>
> At 07:54 PM 11/20/00 +, you wrote:
> >Hmmm seems OK to me too. Is that the only certificate in the file?
> >
> >I suppose it is possible that some other certificate it attempts to read
> >in somewhere is corrupt: check the trusted file or directo
"Tipton, Michael" wrote:
>
> I am using OpenSSL to extract the private keys from my IIS Key Backup files.
> I am able to accomplish this fine except for certain servers we have. These
> servers keys/certs are marked as OFX (Financial Exchange). These are a
> special type of key/cert that you have
"Tipton, Michael" wrote:
>
> Thank you,
> I'll give it a try..
>
> I'm using 0.9.5 right now.. when I tried to compile 0.9.6 I get..
>
> The symlink function is unimplemented at ./util/mklink.pl line 53.
> make: *** [links] Error 255
>
> I've banged my head on it some but if anyone knows the
Bruce Stephens wrote:
>
> "Andrew Back" <[EMAIL PROTECTED]> writes:
>
> > Has anyone used OpenSSL S/MIME module with UNIX MUAs? In particular I'd be
> > interested in config for use with Pine & Mutt. I'm hoping there's some glue
> > that makes things a bit more automatic than using OpenSSL command
Bruce Stephens wrote:
>
> Dr S N Henson <[EMAIL PROTECTED]> writes:
>
> [...]
>
> > There's a function X509_get1_email() which will retrieve a list of
> > email addresses both from the subject name and subjectAltName
> > extensions and arrange them i
"Visionary Website Creations, Inc." wrote:
>
> At 11:07 PM 11/20/00 +, you wrote:
> >There should be either a load of trusted certificates in a single file
> >or a directory containing them. If you are using client authentication
> >then it may try to read the whole lot in. If one is corrupt
Osama Al-Dosary wrote:
>
> Hello,
>
> I'd like to encrypt a message. But I want the encryption to be
> Public-key.
>
> Does this do the trick?
>
> "openssl smime -encrypt -in signedFile.msg \
> -out encryptedFile.msg \
> -des3 recipientCert.pem"
>
> I w
Ma'rt Laak wrote:
>
> Hello!
>
> Preface:
> I can successfully create and install client certificate into
> netscape from SPKAC request:
> openssl ca -config X -spkac X -out client.crt -days X
> and sending it back to browser with header:
> Content-Type: application/x-x509-user-cert
>
>
[EMAIL PROTECTED] wrote:
>
> Hi,
>
> I am having a problem with the RSA functions of the openssl package.
> I want to generate an RSA key pair. Write them to disk and use them later
> (this all in linux/AIX)
> I managed to generate a keypair. But then the problem starts. I can't find
> any func
Rafa Marín López wrote:
>
> Hello, all.
>
> I have executed this instruction:
>
> char keystr[1024];
>
> RSA *rsa=RSA_generate_key((int)1024,0x10001,NULL,NULL);
>
> i2d_RSAPublicKey(rsa,&(keystr));
>
> But resultant keystr is zeroed. Why?
>
> I have verified the RSA key pair and they are co
Kikuyo Nagamatsu wrote:
>
> Hi all,
> I am a very beginner of OpenSSL.
>
> I want to add one of x509v3 extensions (AuthorityInfoAccess)
> to a certificate, but I can't.
> How can I know the way to add extensions? Is there some document?
>
> Or,if there is someone who did it, can you show me t
Kikuyo Nagamatsu wrote:
>
> Thank you for your rapid reply,
> I'm going to read the openssl.txt very well. (really to say,
> I could not understand that meaning well..I'm sorry.)
>
> When I made a self-certificate using following command,
> openssl req -x509 -newkey rsa:1024 -keyout self
Zhang Jianyu wrote:
>
> I was meeting some error when I used openssl API to develop some application by C++
>Builder 5 on Windows 2000.
> I wanted to call the PEM_write_RSAPrivateKey function in order to save a rsa private
> key of RSA structure format as a PEM file -- it should include pem.h i
Geoff Thorpe wrote:
>
> Hi there,
>
> I think I follow your question. An RSA private key implicitly contains the
> public key already[1]. So if you have generated a key-pair and saved them
> to disk - you're already most of the way there. If you don't still have
> the private key in memory, load