On Wed, Jan 12, 2011 at 3:40 PM, Mark H. Wood mw...@iupui.edu wrote:
On Tue, Jan 11, 2011 at 05:39:19PM +0100, Fredrik Strömberg wrote:
Hello Patrick,
Thank you for your email. I somehow managed to miss the word
mandatory in the manual. I guess there´s nothing else for me to do
than code a
Ah. I did not understand that referenced by browser vendors meant
we were talking about inclusion in their canned trust stores. Thanks,
both of you.
--
Mark H. Wood, Lead System Programmer mw...@iupui.edu
Asking whether markets are efficient is like asking whether people are smart.
On Tue, Jan 11, 2011 at 07:23:54PM +0100, Erwann ABALEA wrote:
In order to be referenced by browser vendors (Opera comes to mind, and
I think Mozilla will require this), the serial number MUST be random
(or at least *appear* random from the outside).
Oh, now I'm curious. How do they test the
On Tue, Jan 11, 2011 at 05:39:19PM +0100, Fredrik Strömberg wrote:
Hello Patrick,
Thank you for your email. I somehow managed to miss the word
mandatory in the manual. I guess there´s nothing else for me to do
than code a file lock. I need to run multiple openssl instances, and
openssl
Hodie pr. Id. Ian. MMXI, Mark H. Wood scripsit:
On Tue, Jan 11, 2011 at 07:23:54PM +0100, Erwann ABALEA wrote:
In order to be referenced by browser vendors (Opera comes to mind, and
I think Mozilla will require this), the serial number MUST be random
(or at least *appear* random from the
On 1/12/2011 6:48 AM, Mark H. Wood wrote:
Oh, now I'm curious. How do they test the randomness of a single
sample? 1 is every bit as random (or nonrandom) as
0xdcb4a459f014617692d112f0942c89cb.
They don't validate the number itself, they validatet hat the method by
which the number was
Hello,
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
Not using -config makes openssl use the compiled default, and using my
own while commenting out database and serial gives me the error
variable lookup failed for
Hi Frederik,
-Original Message-
From: Fredrik Strömberg
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
you can't. But why would you care about openssl internals? Just generate your
certificates and fine.
Not using
On Tue, Jan 11, 2011 at 4:40 PM, Eisenacher, Patrick
patrick.eisenac...@bdr.de wrote:
Hi Frederik,
-Original Message-
From: Fredrik Strömberg
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
you can't. But why would you
Fredrik Strömberg a écrit :
Hello,
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
Not using -config makes openssl use the compiled default, and using my
own while commenting out database and serial gives me the error
variable
On 1/11/2011 7:02 AM, Fredrik Strömberg wrote:
(For the curious: I don´t need serial because I only identify with CN,
and I don´t need a database because I will never revoke any
certificates.)
The problem is, everybody else identifies by serial. So unless you don't
plan to interoperate with
On 01/11/2011 05:50 PM, Dominique Lohez wrote:
Fredrik Strömberg a écrit :
Hello,
I want to sign a certificate without using the index or serial files.
Can someone tell me how to disable them?
by using the command x509 and not ca for example.
you can use a serial number based on a date
Hodie III Id. Ian. MMXI, Peter Sylvester scripsit:
by using the command x509 and not ca for example.
you can use a serial number based on a date
seconds plus processid for example) to guarantee
uniqueness.
More on this. A serial number MUST be unique (by X.509 design), and
SHOULD be random
13 matches
Mail list logo