RE: Question on OpenSSL encryption

2012-01-09 Thread Mohan Radhakrishnan
I have struggled with SSL/TLS in the past. Good list of books. I checked Amazon's table of contents and it looks like Joshua Davies has written a more comprehensive book with lots of code. Clearly it seems to me to be a better book with good reviews. Rolf Oppliger's book is more than

SSL documentation

2011-10-18 Thread Mohan Radhakrishnan
Hi, Is there any material available that shows flows of one-way/two-ssl and different types of CA architectures ? We use two-way SSL and generate CSR's and update expired certificates and we are aware of the basic points. I have browsed the NIST website. Thanks, Mohan

RE: Replace renewed intermediate certificate in the keystore chain: in Java

2011-05-15 Thread Mohan Radhakrishnan
chain: in Java From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan Sent: Friday, 13 May, 2011 00:35 So I tried that procedure. If you export your existing leaf cert, and concatenate it with the new intermediate and import that combination, it will work. 1. If my

RE: Replace renewed intermediate certificate in the keystore chain: in Java

2011-05-15 Thread Mohan Radhakrishnan
I also saw this message Top-level certificate in reply: Other certificate details are printed ... is not trusted. Install reply anyway? [no]: yes Certificate reply was installed in keystore Thanks, Mohan -Original Message- From: Mohan Radhakrishnan Sent: Monday, May 16, 2011 9:43

RE: Replace renewed intermediate certificate in the keystore chain

2011-05-12 Thread Mohan Radhakrishnan
in the keystore chain From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan Sent: Thursday, 12 May, 2011 00:04 I think I have been able to replace only the intermediate certificate which has a different validity period. I believe this can be done because what the intermediate

RE: Replace renewed intermediate certificate in the keystore chain

2011-05-12 Thread Mohan Radhakrishnan
- From: Mohan Radhakrishnan Sent: Friday, May 13, 2011 9:28 AM To: 'openssl-users@openssl.org' Subject: RE: Replace renewed intermediate certificate in the keystore chain Hi, Actually the procedure is similar 1. Use Keytool and convert JKS to PKCS12. 2. Use OpenSSL to convert PKCS12 contents

Replace renewed intermediate certificate in the keystore chain

2011-05-11 Thread Mohan Radhakrishnan
Hi, I have checked my keystore and truststore and the intermediate certificate alone is going to expire. I have received a renewed intermediate pem. I believe it is common practice to just replace an expiring intermediate certificate instead of the root. The root will expire in 2025. I have

RE: Replace renewed intermediate certificate in the keystore chain

2011-05-11 Thread Mohan Radhakrishnan
-Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of John R Pierce Sent: Wednesday, May 11, 2011 12:47 PM To: openssl-users@openssl.org Subject: Re: Replace renewed intermediate certificate in the keystore chain On 05/10/11 11:03 PM, Mohan

Re: Windows Certificate Store with OpenSSL Certificate

2010-09-07 Thread Mohan Radhakrishnan
Hi, Have a question. Is this the Windows native store for CA certificates ? Which MS help doc. are you referring ? We want a secure storage facility for all our certificates but we don't want to buy a separate product. Thanks, Mohan On Wed, Sep 8, 2010 at 5:10 AM, Dongsheng Song

Re: Certificate roll

2010-08-20 Thread Mohan Radhakrishnan
at 6:24 AM, Mohan Radhakrishnan radhakrishnan.mo...@gmail.com wrote: Hi John, Yes. We do use SSL certificates. You can consider me a newbie. I am just trying to understand the ways to roll an intermediate or any other certificate that is going to expire soon without causing

Certificate roll

2010-08-19 Thread Mohan Radhakrishnan
Hi, Is there any material that shows how to roll to new certificates using OpenSSL ? I am looking for a test case to understand how this works. Anyone know about this ? Thanks, Mohan

Re: Certificate roll

2010-08-19 Thread Mohan Radhakrishnan
am trying to roll to a new certificate without bringing down my java application. Thanks, Mohan On Thu, Aug 19, 2010 at 2:11 PM, John Doe jd...@yahoo.com wrote: From: Mohan Radhakrishnan radhakrishnan.mo...@gmail.com Is there any material that shows how to roll to new certificates

Various forms of two-way SSL

2010-07-10 Thread Mohan Radhakrishnan
Hi, Two-way SSL is sometimes very confusing. I know that a keystore and a truststore are always involved in two-way SSL communication. Are there various forms of two-way SSL ? 1. We want to open a server socket and also act as a client. 2. Similarly the server also can be a client because

Re: Windows Certificate Store Private Key

2010-06-26 Thread Mohan Radhakrishnan
Hi, Please ignore if this question belongs else where but it looks like the OP is storing and retrieving SSL certificate from a Windows store. I have been looking for ways to use the Windows store to secure SSL certificates and keys and SFTP keys. Is windows or any other method recommended

Compare two certificate chains

2010-01-19 Thread Mohan Radhakrishnan
Hi, Are there any options in OpenSSL to compare two certificate chains based on some parameters. Could the comparison parameters be fingerprints, validity, algorithm and other features like CRL url's ? Thanks, mohan

Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
Hi, We see this message no available certificates or key corresponding to the cipher suites even before establishing a handshake. It is a mutual handshake. So keystores and truststores are there on both sides. Algorithms are RSA. Could this be caused due to a RSA bit size mismatch ? Would

Re: Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
Possibly not. I meant that there could be 3 problems 1. Algorithm mismatch 2. Certificate imported in an incorrect keystore. 3. No trusted certificate chain. Trying to home in on one of the problems. Thanks, Mohan On Fri, Dec 4, 2009 at 4:24 PM, Mohan Radhakrishnan radhakrishnan.mo

Re: Cipher suite not available

2009-12-04 Thread Mohan Radhakrishnan
...@princetonpayments.com wrote: From: owner-openssl-us...@openssl.org On Behalf Of Mohan Radhakrishnan Sent: Friday, 04 December, 2009 05:54 We see this message no available certificates or key corresponding to the cipher suites even before establishing a handshake. It is a mutual handshake. So

CRL's

2009-10-04 Thread Mohan Radhakrishnan
Hi, I have a CA-signed certificate chain and whenever the SSL handshake is going on I see 'UnparseableException' related to CRL URL's. This particular URL seems to point to the CA's LDAP. What exactly is going on here ? The handshake succeeds but I am trying to understand if this is an

.pem certificate loading issue

2009-08-27 Thread Mohan Radhakrishnan
I have an ASCII text file with a chain of certificates. I had earlier sent a CSR and got these certificates back from the CA. When I opened the ASCII file I see some text before and after ---BEGIN CERTIFICATE-- and --END CERTIFICATE-- I removed this text because they were file names like

Re: .pem certificate loading issue

2009-08-27 Thread Mohan Radhakrishnan
What is the link between the existing key's alias and the alias used while importing the CA-root and sub-root certificates ? The CA-root and sub-root certificates have been imported with new aliases. The old alias throws an error. Thanks, Mohan On Thu, Aug 27, 2009 at 2:35 PM, Mohan

Re: .pem certificate loading issue

2009-08-27 Thread Mohan Radhakrishnan
No, it does not look like I need OpenSSL. The following Java command could import the entire chain. keytool -import -alias visaftpsflux -file visacertificateedited.cer -trustcacerts -keystore FSSNABMAPSVISA.jks -storepass password Further testing is required. Mohan On Thu, Aug 27, 2009 at