the appropiate headers, libraries, dev package
using aptitude
HTH
Kind regards/met vriendelijke groet,
Serge Fonville
http://www.sergefonville.nl
Convince Google!!
They need to support Adsense over SSL
https://www.google.com/adsense/support/bin/answer.py?hl=enanswer=10528
http://www.google.com/support/forum
)
Is this at all possible? (using OpenSSI)
Thanks a lot in advance
Regards,
Serge Fonville
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Just a thought.
If the MAC is part of the client certifcate, why would that prevent anything?
If you want to check the MAC, do that somewhere else, because if the
client can see it is in the cert, it can be spoofed
HTH
Regards,
Serge Fonville
On Wed, Sep 9, 2009 at 2:32 PM, Anoop C
All services are loadbalanced and will transparantly fail over
To prevent split-brain I use a serial null-modem cable with heartbeat
Thanks a lot in advance
Regards,
Serge Fonville
__
OpenSSL Project
that uses a certificate issued by any CA
Bacically, are you distributing keys to terminals?
Regards,
Serge Fonville
On Wed, Sep 2, 2009 at 8:21 AM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
OK, regarding the CA deploy, such as, we have a one root ca and 1000 sub ca
signed by root ca
Serge Fonville
Sent: Wednesday, September 02, 2009 11:28 AM
To: openssl-users@openssl.org
Subject: Re: Verify certificate using subordinate ca
How do you think compromising a CA would occur, because a CA could
only becom compromised when someone leaks the key for that specific CA
, don't use openssl default verify functionality?
Br
Ben
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
Sent: Wednesday, September 02, 2009 11:59 AM
To: openssl-users@openssl.org
Subject: Re: Verify
please show me the client side code? :-)
Thanks.
Br
Ben
-Original Message-
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of ext Serge Fonville
Sent: Wednesday, September 02, 2009 12:43 PM
To: openssl-users@openssl.org
Subject: Re: Verify
put in a vault
* Store only the CA certificates (not the keys) and the server
certificate and key on your server.
Obviously all keys are encrypted using a strong password...
Regards,
Serge Fonville
To answer your original question, you can not verify a chain without
all chain members to verify
/blogs/securitymonkey/howto-securing-a-website-with-client-ssl-certificates-11500
http://publib.boulder.ibm.com/infocenter/tpfhelp/current/index.jsp?topic=/com.ibm.ztpf-ztpfdf.doc_put.cur/gtps5/s5vctch.html
http://nl.wikipedia.org/wiki/Secure_Sockets_Layer
HTH
Regards,
Serge Fonville
On Wed, Sep 2
the root in the chain check,
but it should be part of the chain?
HTH
Regards,
Serge Fonville
On Tue, Sep 1, 2009 at 1:04 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
Hi,
It there a way to verify certificate with out root ca? I have 4 certificate:
rootca.pem is the root ca (self
Hi,
I was wondering, is it possible to specify all settings that are in
openssl.cnf on the commandline as well?
This would make generating certificates a lot easier.
Thanks in advance
Regards,
Serge Fonville
__
OpenSSL Project
'
Are you distributing the keys as well?
HTH
Regards,
Serge Fonville
On Tue, Sep 1, 2009 at 2:13 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
I only want to verfiy the signature (I mean the procedure when sub ca
sign the certiticate). So I guess sub ca and certification should has
of the purpose of the root ca if it should not
need to be trusted
Regards,
Serge Fonville
On Tue, Sep 1, 2009 at 3:52 PM, Yin, Ben 1. (NSN - CN/Cheng
Du)ben.1@nsn.com wrote:
No. In our enviroment. The root CA private key is isolated and absolutly
safe. Regarding the compromised, I means CA can't
-outform DER -out ..\demo_store\certs\cert_server.der -CAform DER -CA
..\demo_store\certs\ca_cert.der -CAkeyform PEM -CAkey
..\demo_store\private\ca_private_key.pem -CAcreateserial
Regards,
Gerald
On Mon, Aug 17, 2009 at 7:20 PM, Serge Fonville
serge.fonvi...@gmail.comwrote:
What does your
The request is signed with the ca private key.
What command do you use when you start the s_server
HTH
Regards,
Serge Fonville
On Tue, Aug 18, 2009 at 10:38 AM, vishal saraswat
vishalsaraswat...@gmail.com wrote:
Hi,
To my surprise. I tried the same steps and I am getting a similar kind
I forgot,
I used this as examples
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
Also, googling on openssl certificate authority seems to belp
On Tue, Aug 18, 2009 at 10:51 AM, Serge Fonville
serge.fonvi...@gmail.comwrote:
The request is signed with the ca private key.
What command do you
certificate to verify its contents
Regards,
Serge Fonville
On Mon, Aug 17, 2009 at 4:41 PM, Gerald Iakobinyi-Pich
nutri...@gmail.comwrote:
Hello,
I am trying to create a certificate, on win, and I am having some troubles
with OpenSSL. First I generate a key. That's ok. Then I create
On Mon, Aug 17, 2009 at 6:31 PM, Serge Fonville
serge.fonvi...@gmail.comwrote:
Hi,
I assume you have done a lot of googling and have read the docs
extensively.
First, what is your end goal?
Since creating a certificate and having it signed by your own CA is not
that difficult.
What
;c...@next-motion.de rfc822%3...@next-motion.de
Action: failed
Status: 5.2.2
X-Display-Name: Carsten Breitbarth - next.motion OHG
-- Forwarded message --
From: Serge Fonville serge.fonvi...@gmail.com
To: openssl-users@openssl.org
Date: Mon, 17 Aug 2009 18:20:37 +0200
Hi,
I figured out what I did wrong,
after a lot of googling I found that I needed to add copy_extensions = copy
to the ca_default section
After this, it woiks as expected.
Thanks for the help.
Regards,
Serge Fonville
On Sat, Aug 15, 2009 at 4:10 AM, Klarth kah@gmail.com wrote:
What
rather
solve it in a different way.are there reasons why it needs to be done like
this?
Thanks in advance
Regards,
Serge Fonville
Hi Goetz.
Did the request contain the subjectAltName extension ?
Did the openssl.cnf file contain the copy_extensions entry ?
No it did not.
Thanks!
That completely solved my problem
Regards,
Serge Fonville
need to change.
What Am I doing wrong?
Windows Vista Home Premium x64
Apache 2.2 x64
Openssl 0.9.8e x64
Thanks in advance,
Serge Fonville
Hi,
well I have to create a certificate for our maindomian as well as for some
subdomains.
Use a wildcard domain for your CN
Unless each domain had a separate IP
You need to specify *.mydaomin.tld as the CN
HTH
Regards,
Serge Fonville
Has anyone of you an idea how to get that done, so
,
Serge Fonville
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager majord
NSS is
the worst.
If anyone disagrees, please explain why!
HTH
Regards,
Serge Fonville
On Tue, Aug 11, 2009 at 9:35 AM, Roger No-Spamroger_no_s...@hotmail.com wrote:
Recently there has been some discussion on th Internet regarding so called
null-prefix attacks, see
http://www.thoughtcrime.org
Recently there has been some discussion on th Internet regarding so called
null-prefix attacks, see
http://www.thoughtcrime.org/papers/null-prefix-attacks.pdf. Is openssl
vulnerable to this attack?
I read the PDF and my first question would be.
How is this relevant to openssl, since it is
Hi,
How do I get an issuer statement (when viewed in IE).
What settings in openssl.cnf are required and do I need to specift any
extra commandline switches?
Thanks in advance
Regards,
Serge Fonville
__
OpenSSL Project
... was omitted from the manual pages, better
fix that.
I'll look into that
Regrds,
Serge Fonville
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users
anyone else with a similar problem can use it
I probably forgot some important points. so please do point them out
Thanks a lot in advance!!!
Regards,
Serge Fonville
@echo off
md C:\ProgramData\OpenSSL\Fonville IT CA
cd /d C:\ProgramData\OpenSSL\Fonville IT CA
md root
cd root
type NUL index.txt
31 matches
Mail list logo