Re: how to download a certificate to browser?
I set up my own CA and sign client certificates. I can use the program of perl provided by F.J Hirsch in his paper" Introducing SSL and Certificates using SSLeay" to download certificate to netscape browser. But I can not use my C program to do the work. [...] And this is my C program: ifstream in("/usr/local/ssl/certs/cert.result"); cout"Content-Type: application/x-x509-user-cert\n" endl; ^^ ^^ here you have two new lines, which terminate the header, so Content-Length will be read as part of the body. Remove the \n, endl does all you want here. Jochen __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Problem whith PKCS12 and DSA
Maybe but probably not in OpenSSL. DSA private keys in PKCS#8 (which PKCS#12 uses) have a standard format defined in PKCS#11 but this is well hidden. As a result vendors have often made up their own "standard". There are currently three different formats which are in use. Maybe yours is another form. Try the latest OpenSSL snapshot and see if that works: it has support for all three forms. If it doesn't then please send me a test file and password and I'll see if I can add support for another broken DSA format. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ I tried again whith the first beta release of OpenSSL 0.9.5, and I had the same error. Here comes the PKCS12 file test. It was created whith Baltimore Toolkit "PKI-plus". Password is : matranet Thanks for all. AutoSign_1024_DSA.p12
Re: how to download a certificate to browser?
Thanks a lot to Robert,Mike and Massimiliano for your help. I got a some suggestion form Hirsch as following: I believe the problem is that the join can take multiple lines (if the cert is over multiple lines, and make them into one string), but the C++ code is including the newlines. I am not familiar with getline, I think fgets includes the newline. So my suggestion is check that you are not incorporating newlines in your concatenation. So I modified my program as: char result[2000],ch; int i=0; CERT=fopen("/usr/local/ssl/certs/cert.result"); printf(Content-Type: application/x-x509-user-cert\n\n"); while( ((ch=getc(CERT))!= EOF) ((ch=getc(CERT))!= '\n') ) result[i++] = ch; fclose(CERT); printf ("%s",result); I can only use print "Content-Type: application/x-x509-user-cert\n\n"; in perl to have the certificate installed in browser. print "Content-Length: $len\n\n"; is not necessary. But I still can not get certificate at browser although it has been signed by CA. What's more, strlen(result) is not equal to i. For example, i is 834 but strlen(result) is 30. I do not know the reason. Can you offer any help? Thanks! Karl __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificates and authorities.
winterlion wrote: Okay, I'm trying to get a test WWW-server setup. And am not ready yet to pick up official cert... Is it possible to run a test-cert for a short period (and how to limit period) that at least netscape 4 will accept (though maybe with a warning)? You could simple use a certificate expiring after 30 days. If you still want to use it, simply renew it... C'you, Massimiliano Pala ([EMAIL PROTECTED]) S/MIME Cryptographic Signature
RE: Problem importing Certs in Netscape windows.
Thanks a lot, but I had done what you suggest me, and the browsers saids the same, that the certificate is not valid or may be corrupted (only in windows).:-( Note: I had installed in the browser the signer´s certificate. Any help, please? Thanks in advance. - Original Message - From: Barnes, Michael L. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 24, 2000 5:53 PM Subject: RE: Problem importing Certs in Netscape windows. that is how I do it, except I export the p12 with the -name "Some name" field. I thought that was required for all netscape p12s but apparently not if it works under linux. Mike -Original Message- From: Francisco Javier Martínez Martínez [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 24, 2000 4:36 AM To: [EMAIL PROTECTED] Subject: Problem importing Certs in Netscape windows. Hello. Recently I had setup a test CA. I had created and signed a few certificates with openssl, whichs can be imperted in PKCS12 format without problems into Linux Netscape, I had tested encripted and signed emails succefully, but when I had tried to import the same certificates into Windows Netscape the system says: 'it can´t be imported because they are no valids certificates or may be corrupted'. Some time ago I read that this could be something related with the headers of the certificate in 'PEM' format that it expects that start with or without something. Anyone can told what I should to do or what is wrong. In outlook works fine. To generate the cliebnt certificates: 1. Genering private keys. # openssl genrsa -rand ./private/.rand.dat -des3 1024 xxkey.pem 2. Genering CSR # openssl req -new -config openssl.cnf -key xxkey.pem -out xxreq.pem 3. Signing the CSR. # openssl ca -config openssl.cnf -in xxreq.pem -out xxcert.pem 4.1. Exporting in Netscape PKCS12 format. # openssl pkcs12 -export -in xxcert.pem -inkey xxkey.pem -out xx.p12 4.2. Exporting MS Ootlook PKCS12 format. # openssl pkcs12 -export -in xxcert.pem -inkey xxkey.pem -keysig -keyex -out xx.pfx Thanks in advance. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: [ANNOUNCE] OpenSSL 0.9.5 beta1 available
At 18:45 24.02.00 , Ulf Moeller wrote: The first beta release of OpenSSL 0.9.5 is now available from the OpenSSL FTP site URL: ftp://ftp.openssl.org/source/. The release of OpenSSL 0.9.5 is scheduled for next Monday. To make sure that it will work correctly, please test this version (especially on less common platforms), and report any problems to [EMAIL PROTECTED]. Built and tested OK on Linux/PPC, glibc-2.1.3, gcc-2.95.2: OpenSSL 0.9.5beta1 24 Feb 2000 built on: Fri Feb 25 05:55:53 MST 2000 platform: linux-ppc options: bn(64,32) md2(int) rc4(ptr,int) des(idx,cisc,4,long) idea(int) blowfish(idx) compiler: gcc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall Just one minor nit, please incorporate this patch, cause gcc knows about longlong: diff -u Configure.~1~ Configure --- Configure.~1~ Wed Feb 23 15:45:22 2000 +++ Configure Fri Feb 25 05:53:17 2000 @@ -270,7 +270,7 @@ "debug-linux-elf","gcc:-DREF_CHECK -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence:BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_elf_asm", "linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:$x86_out_asm", "linux-mips", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", -"linux-ppc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)", +"linux-ppc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::", "NetBSD-sparc","gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", "NetBSD-m68", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL:::", "NetBSD-x86", "gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG $x86_gcc_des $x86_gcc_opts:", Thanks, Franz. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Installing as Root into NS and MSIE
drew wrote: does anyone have information about getting ones CA cert installed into Microsoft and Netscapes Browsers, ie becoming a fully qualified CA I think a few hundred thousand dollars (US) would do it. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Confused: RSA - DH - Keys - Certificates authentication?
"Grebelsky, Konstantin" wrote: I have the following problem: I have a server and client application. All I want to do is to secure (encrypt) the link (TCP/IP) between the applications. I want to be able to authenticate both parties upon connection using public key. I don't want to use certificates. The idea is that I'd authenticate the remote party using just public key. But authentication is done with private keys... As far as I understood from different sources this is not possible without RSA since with DH we can not get public keys (limitations of SSLeay)? Thus either I have to pay RSA or I have to create or obtain certificates to use with DH because then I will be able to authenticate client and server without need to get and save actual public keys? DH public keys include the public DH parameters, which may be shared among a group of users. There are profiles for embedding DH parameters in X.509 certs, and while DH cannot be used to create digital signatures (i.e. an authenticator which may be verified by any third party), there are methods of proof-of-possession of the private key corresponding to a cert. So, for pairwise auth or encryption, you can use DH. I have no idea how to do this in OpenSSL. You still should sign certs with DSA or RSAwithMD5 or some such. For using unsigned Diffie-Hellman certs, and the certificate discovery protocol used in SKIP, see http://www.skip-vpn.org/ __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Certificate management tools
On Thu, 24 Feb 2000, Mike Hoegeman wrote: Andy Moskoff wrote: andy, you rule. send me a copy.. -mike Sure. Its attached. Remember -- its still pretty basic and may have some bugs (in fact, it probably does). The only thing I ask is that you send me any changes you make (diff -c or the whole thing). I decided to keep the tcl code very basic as I didn't know what version people were building their expectk with. --- Andy Moskoffe-mail: [EMAIL PROTECTED] Senior Software Engineer Symark Software -BEGIN GEEK CODE BLOCK- Version: 3.12 GCS d- s: a+ C UL+++ P++ L++ E--- W N++ o-- K- w--- O- M- V- PS PE Y PGP- t++ 5- X+ R- tv b+ DI++ D G-- e++ h+ r y+ --END GEEK CODE BLOCK-- #!/bin/sh #\ exec expectk -f "$0" ${1+"$@"} # Copyright (c) 2000 Symark Software. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # # 1. Redistributions of source code must retain the above copyright #notice, this list of conditions and the following disclaimer. # # 2. Redistributions in binary form must reproduce the above copyright #notice, this list of conditions and the following disclaimer in #the documentation and/or other materials provided with the #distribution. # # 3. All advertising materials mentioning features or use of this #software must display the following acknowledgment: #"This product includes software developed by Symark Software #for use in the OpenSSL Toolkit. (http://www.symark.com/)" # # 4. Redistributions of any form whatsoever must retain the following #acknowledgment: # "This product includes software developed by Symark Software # for use in the OpenSSL Toolkit (http://www.symark.com/)" # # THIS SOFTWARE IS PROVIDED BY SYMARK SOFTWARE ``AS IS'' AND ANY # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL SYMARK SOFTWARE OR # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED # OF THE POSSIBILITY OF SUCH DAMAGE. # # Show error to user # proc showerror { msg reason } { catch {destroy .dialog} tk_dialog .dialog "Certificate Utility Error" \ "$msg: \n$reason" error 0 OK } # # Show informational message # proc showinfo { msg } { catch {destroy .dialog} tk_dialog .dialog "Certificate Utility Message" $msg info 0 OK } # # Procedure to create panel for new certificate requests # proc newreq { w m } { global tkca_newreq global tkca # Set the following values then generate the request # Country Name (2 letter code) [AU]: # State or Province Name (full name) [Some-State]: # Locality Name (eg, city) []: # Organization Name (eg, company) [Internet Widgits Pty Ltd]: # Organizational Unit Name (eg, section) []: # Common Name (eg, YOUR name) []: # Email Address []: # Remove existing window if any... catch "destroy [winfo children $w]" catch "destroy [winfo children $m]" # Enable Pass Phrase Option .main.menubar.options.menu entryconfigure 0 -state normal set tkca(passphrase) 1 # Set defaults set tkca(title) "Generate a Certificate Request" set tkca_newreq(cc) US set tkca_newreq(st) California set tkca_newreq(ln) "Westlake Village" set tkca_newreq(org) "Symark Software" set tkca_newreq(ou) Engineering set tkca_newreq(cn) Symark set tkca_newreq(email) [EMAIL PROTECTED] set tkca_newreq(passphrase) {} set tkca_newreq(newreq) newreq.pem set tkca_newreq(days) 10 # New request panel label $w.l_cc -text "Country Code" entry $w.e_cc -width 3 -textvariable tkca_newreq(cc) label $w.l_st -text "State or Province Name" entry $w.e_st -width 25 -textvariable tkca_newreq(st) label $w.l_ln -text "Locality Name" entry $w.e_ln -width 25 -textvariable tkca_newreq(ln) label $w.l_org -text "Organization Name" entry $w.e_org -width 25 -textvariable tkca_newreq(org) label $w.l_ou -text "Organization Unit" entry $w.e_ou -width 25 -textvariable tkca_newreq(ou) label $w.l_cn -text "Common Name" entry $w.e_cn -width 25 -textvariable
Re: Confused: RSA - DH - Keys - Certificates authentication?
Michael Sierchio wrote: "Grebelsky, Konstantin" wrote: As far as I understood from different sources this is not possible without RSA since with DH we can not get public keys (limitations of SSLeay)? Thus either I have to pay RSA or I have to create or obtain certificates to use with DH because then I will be able to authenticate client and server without need to get and save actual public keys? DH public keys include the public DH parameters, which may be shared among a group of users. There are profiles for embedding DH parameters in X.509 certs, and while DH cannot be used to create digital signatures (i.e. an authenticator which may be verified by any third party), there are methods of proof-of-possession of the private key corresponding to a cert. So, for pairwise auth or encryption, you can use DH. I have no idea how to do this in OpenSSL. OpenSSL doesn't support DH certificates though it may in future. My queries about test vectors for DH X9.42 parameter generation in lots of places (including S/MIME v3 where it is supposed to be a mandatory algorithm) have resulted in zero replies. Conclusions about the popularity of X9.42 are left as an exercise for the reader... Anyway back to the original posters query: "Grebelsky, Konstantin" wrote: I have the following problem: I have a server and client application. All I want to do is to secure (encrypt) the link (TCP/IP) between the applications. I want to be able to authenticate both parties upon connection using public key. I don't want to use certificates. The idea is that I'd authenticate the remote party using just public key. Whats wrong with using certificates? You can have client and server use DSA self signed certificates and uses SSL without RSA. You then wont have problems with either the RSA patent or getting a CA to issue certificates. Alternatively if you insist on not using certificates then you can use anonymous DH and authenticate using whatever method you wish. External authentication is advisable because without it anon DH is vulnerable to a man in the middle attack. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Celo Communications: http://www.celocom.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problems compiling on Solaris x86 (7)
I am trying to compile OpenSSL on my solaris x86 box and I receive the error message below. can anyone help? make[2]: Entering directory `/usr/agray/openssl-0.9.4/crypto/sha' gcc -I.. -I../../include -DTHREADS -D_REENTRANT -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c sha_dgst.c -o sha_dgst.o Assembler: sha_dgst.c aline 274 : Illegal mnemonic aline 274 : syntax error aline 279 : Illegal mnemonic aline 279 : syntax error aline 284 : Illegal mnemonic aline 284 : syntax error aline 289 : Illegal mnemonic aline 289 : syntax error aline 472 : Illegal mnemonic aline 472 : syntax error aline 477 : Illegal mnemonic aline 477 : syntax error aline 482 : Illegal mnemonic aline 482 : syntax error aline 487 : Illegal mnemonic aline 487 : syntax error make[2]: *** [sha_dgst.o] Error 1 make[2]: Leaving directory `/usr/agray/openssl-0.9.4/crypto/sha' make[1]: *** [subdirs] Error 1 make[1]: Leaving directory `/usr/agray/openssl-0.9.4/crypto' make: *** [all] Error 1 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problem found when upgrade to openssl-0.9.5
When I upgrade my applications by using openssl-0.9.5 beta1 to replace openssl-0.9.4, at running time I found: "error:02001003:system library:fopen:BN lib" when function called at:SSL_CTX_load_verify_locations(ssl,caPath,caFile); I compile and run both version in the same environment. What is wrong? Dennis
Compile Problems With .94
OK, what am I doing wrong. I've been successful on some systems, but it fails on others, and I really have no clue as to why. I run everything the way you show in the docs, but it fails. Now it seems to be failing more than not, and I don't know what's missing from my system, i.e. some sort of lib file or what in order to make your software compile properly. I invoked: fw:/usr/src/openssl-0.9.4 # make -I/usr/src/openssl-0.9.4/include/openssl It seems to make it all the way through, but towards the end, we this: make[1]: Entering directory `/usr/src/openssl-0.9.4/apps' gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c verify.c -o verify.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c asn1pars.c -o asn1pars.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c req.c -o req.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c dgst.c -o dgst.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c dh.c -o dh.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c enc.c -o enc.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c gendh.c -o gendh.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c errstr.c -o errstr.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c ca.c -o ca.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c pkcs7.c -o pkcs7.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c crl2p7.c -o crl2p7.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c crl.c -o crl.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c rsa.c -o rsa.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c dsa.c -o dsa.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c dsaparam.c -o dsaparam.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c x509.c -o x509.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c genrsa.c -o genrsa.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c gendsa.c -o gendsa.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c s_server.c -o s_server.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c s_client.c -o s_client.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c speed.c -o speed.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c s_time.c -o s_time.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c apps.c -o apps.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c s_cb.c -o s_cb.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c s_socket.c -o s_socket.o gcc -DMONOLITH -I../include -DTHREADS -D_REENTRANT -DREF_CHECK -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM -c version.c -o
make mycert.crt
Hi, I want to sign a certificate to my server with a self signed CA. I' ve done this, openssl ca -config openssl.cnf -in server.csr -out server.crt and i've got this error message: CA ceertificate and CA private key do not match 2946:error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch:x509_cmp.c:264: Anyone? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
making a server certificate problem
Hi, I want to generate a server certificate. For that have to sign my server.csr file with my self signed CA. I used this: openssl ca -config openssl.cnf -md md5 -keyfile ca.key -cert ca.crt -in server.csr -out mycert.crt and i've got this error message: wrong number of fields on line 1 (looking for field 6, got 1, '' left) What's the problem? Thanks in advance. Osvaldo Brito [EMAIL PROTECTED] [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]