Re: openssl-fips and engine_pkcs11

2012-07-19 Thread Mathias Tausig
In order to track down this error: Is there somebody out there who has been able to use a fips-capable openssl with engine_pkcs11 successfully? regards Mathias On 07/11/2012 12:32 PM, Mathias Tausig wrote: Hello! I am trying to sign a certificate with a FIPS enabled build of openssl (1.0.1c

openssl-fips and engine_pkcs11

2012-07-11 Thread Mathias Tausig
Hello! I am trying to sign a certificate with a FIPS enabled build of openssl (1.0.1c, FIPS object module 2.0) and the PKCS#11 engine (using a Safenet eToken). I did this procedure before (with the non-fips version) using an openssl config file: openssl_conf = openssl_def [openssl_def] engines

Padding used by the ca command

2012-07-02 Thread Mathias Tausig
Hello! Which padding method does openssl use, when I sign a certificate with the 'ca' command (using an RSA key)? Is there a way to change it? cheers Mathias

Re: Unable to read DER encoded CRL (but able to read the file in windows) ?

2012-05-11 Thread Mathias Tausig
Did you specify the -inform der option? On 05/11/2012 01:35 PM, brajan wrote: I am getting the below error message when I am trying to READ the CRL content. 19104:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1294: 19104:error:0D07803A:asn1 encoding

Re: OpenSSL with Luna SA

2012-02-01 Thread Mathias Tausig
On 02/01/2012 12:59 PM, Bram Cymet wrote: Hi, I am attempting to use openssl with the Luna SA HSM. I am getting the following error: can't use that engine 140064027543208:error:2606B08C:engine routines:ENGINE_finish:dsa not implemented:e_lunaca3.c:710:DSO not set

ca command lets me revoke certificates from a different CA

2012-01-20 Thread Mathias Tausig
Hi! If I revoke a certificate using the -revoke option of the ca command and pass it a certificate which is issued by a different CA, this is not checked by openssl. This has the consequence that (if the serial number of the certificate to be revoked is not present yet) a new entry is added to

Re: certificate storage format

2011-11-28 Thread Mathias Tausig
On 11/28/2011 08:33 AM, prabhu kalyan rout wrote: Hi, my question is how many certificate storage formats are available and what are they? just like del pks12 To my knowledge, there is PEM, DER, PKCS#7 and PKCS#12. cheers Mathias

Setting the invalidity date of a revoked certificate for a reason other than keyCompromise

2011-11-25 Thread Mathias Tausig
Hello! If I revoke a certificate using the ca command and manually set the invalidity date with the -crl_compromise option, the revocation reason is automatically set to keyCompromise. If I try to override this behaviour by setting -crl_compromise and -crl_reason (to something else, like

Re: certificate without private key

2007-10-04 Thread Mathias Tausig
The problem is that the handling of the smart card is a bit complicated in the state it is now, and I'm simply not sure whether I am able to make the certificate without using the private key at all (that is without signing, too). cheers Mathias On 01 Oct 2007, Mike Nelson wrote: Yes.

Re: certificate without private key

2007-10-01 Thread Mathias Tausig
are issuing a self-signed certificate, then you'll need to use the private key on the smart-card in order to generate the signature needed in the certificate. I hope this clarifies your doubts :D Later, Max Mathias Tausig wrote: Hi! Is it possible to create a certificate

certificate without private key

2007-09-30 Thread Mathias Tausig
Hi! Is it possible to create a certificate with openssl without using the corresponding private key (which is stored in a smartcard) but with the public key only? Mathias