On Tuesday 13. August 2013 06:17:35 redpath wrote:
I have a best practices question on CA management for signing.
I have created CA signing cert and issue all other certs using this
CA to sign them.
1) I noticed that many CA examples set a term of 3650 days, is this commmon
practice
How
Issue is fixed.
So long as it's OK to generate the same random bytes at each power-on.
This is quite a common problem with embedded devices: even after boot it
can be hard to find entropy with which to seed the PRNG. The usual
sources which are used in a PC environment (keystrokes, ethernet
Thanks and as for the last question number (5) I meant I simply replace the
SSL cert and assume there
will be a challenge to accept the new certificate by a browser? I revoke the
old one SSL cert.
--
View this message in context:
On Wednesday 14. August 2013 04:10:23 you wrote:
Thanks and as for the last question number (5) I meant I simply replace the
SSL cert and assume there
will be a challenge to accept the new certificate by a browser? I revoke the
old one SSL cert.
I still don't get it. If you have revoked your
On 08/14/13 09:08, Mat Arge wrote:
On Wednesday 14. August 2013 04:10:23 you wrote:
Thanks and as for the last question number (5) I meant I simply replace the
SSL cert and assume there
will be a challenge to accept the new certificate by a browser? I revoke the
old one SSL cert.
I still don't
I have a CA cert in pem format that uses ecdsa. I have tried to display
the contents with:
openssl x509 -in x509-ca.pem -text -nameopt multiline -noout
I get errors:
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Unable to load Public Key
From: owner-openssl-us...@openssl.org On Behalf Of Robert Moskowitz
Sent: Wednesday, 14 August, 2013 15:49
I have a CA cert in pem format that uses ecdsa. I have tried
to display the contents with:
openssl x509 -in x509-ca.pem -text -nameopt multiline -noout
I get errors:
From the documents of http://www.openssl.org/docs/apps/ciphers.html and
CHANGES with the source code, RFC3268 is stated to be supported.
But I cannot get the following ciphers by using openssl ciphers. (I have
used openssl1.0.1e and openssl0.9.8y)
TLS_DH_DSS_WITH_AES_128_CBC_SHA
