Re:Re: correction...DSA self certificate use_cert..file failure
> What does this file NosAdminUnixCert.pem look like? That error suggests the certificate is corrupted somehow.

Here is the file... it looks exactly as some other certificate files I have seen. But different as others... I have generated it using instructions of course with the names of the files that I needed (it is a DSA) so I made certain corrections based on http://www.intertrader.com/library/SSLeay/no_rsa.cfm. Also the first line has not created a .rnd file?

openssl req -config req.cnf -x509 -newkey dsa:512 -keyout key.pem -out RootCert.pem
openssl req -new -config req.cnf -out MyReq.req
openssl ca -config ca.cnf -in MyReq.req -out newcert.pem

NosAdminUnixCert.pem
unable to load 'random state' (OpenSSL 0.9.5 on Solaris)
I just built OpenSSL 0.9.5, standard, on Solaris (SunOS) 5.6. When I run "openssl s_client -connect www.foo.bar:443" I get this:

unable to load 'random state'
This means that the random number generator has not been seeded with much random data.
Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten).
connect: Connection refused
connect:errno=146
error in s_client

On BSD machines this doesn't happen (I guess it guesses correctly that it can use /dev/urandom or something?).

I know I can set the RANDFILE env variable to something; what are other Solaris users using?

Thanks.
-T.
__ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: urgent help
Sadir.Al-khafaji> urgent help, i am trying to get my browser to client
Sadir.Al-khafaji> authenticate a an ssl server but it doesn't work.
Sadir.Al-khafaji> Can any one help me out. do i have to generate a
Sadir.Al-khafaji> server server and a client cert signed with ca so
Sadir.Al-khafaji> that they can authenticate.

Most of the times, it's a good idea to give the server a server certificate (I don't know if there's any browser that doesn't want to check that). The server cert can very well be self-signed as far as I know, but if you want to do it right, it's definitely better to have it signed by a correct CA.

If you want any more substantial help, it might be a good idea if you shared relevant logs and error messages from the browser as well as from the server with us.

--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
Redakteur@Stacken \ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team
Unsolicited commercial email is subject to an archival fee of $400. See http://www.stacken.kth.se/~levitte/mail/ for more info.
Trouble building MSDOS version
Good morning,

I know that the older 16 bit support is not being kept up to date, but I'm hoping there is someone that has a suggestion how to fix this. I am trying to build the library for an embedded DR-DOS target running on 386 and 486 processors on PC/104 cards.

The target system is
  Ampro 386/25MHz or 486/133MHz CPUs
  Boot Diskette image built in Flash ROM (R/O file system)
  DR-DOS 5.0
  NE2000 Ethernet card
  Novell TCP/IP stack and socket library (Taken from their LAN Workplace SDK)

The development platform is
  NT 4 SP5
  ActiveState Perl build 515
  VC++ 1.50c
  MASM 6.00B

The plan is to be able to establish an RC4 encrypted connection between this target and a service running on an NT server. Both ends are running our own applications. I want to open the socket, skip the certificate exchange, use DH to exchange a session key and enable the encryption for all traffic until the socket is closed. This is for a POS system that will initiate the connection about 2:30 am, after running an End Of Day audit, and be online until the next EOD. All private secrets will be kept in a local disk file.

The initial step was

  Perl configure no-threads 386 VC-MSDOS

I then made some manual changes to the ms\msdos.mak file

  INSTALLTOP=E:\COMMS\msdos\openssl.095
  CC=cl
  CFLAG=-O1 -DMSDOS -DNO_SOCK /G3 # -O1 optimizes for speed
  SRC_D=E:\COMMS\msdos\openssl.095

When I actually try to make the library (nmake -f ms\msdos.mak) everything appears to work until it gets to crypto/bio/bss_log.c, where I get the following error:

  cl -o tmp\bss_log.o -Ioutinc -Itmp -O1 -DMSDOS -DNO_SOCK /G3 -c E:\COMMS\msdos\openssl.095\crypto\bio\bss_log.c
  Microsoft (R) C/C++ Optimizing Compiler Version 8.00c
  Copyright (c) Microsoft Corp 1984-1993. All rights reserved.
  e:\comms\msdos\openssl.095\crypto\bio\bss_log.c
  e:\comms\msdos\openssl.095\crypto\bio\bss_log.c(73) : fatal error C1083: Cannot open include file: 'syslog.h': No such file or directory
  NMAKE : fatal error U1077: 'C:\WINNT\system32\cmd.exe' : return code '0x2'
  Stop.

Looking at the source, it's obvious that it's not expecting to have MSDOS defined, the #IFDEF's only check for WIN32 and __ultrix. Is there a quick and easy way to remove or screen out this log function and anything that can't work in the MSDOS world? Is there any way?

Thank you,
Bob McConnell
Principal Communications Programmer
The CBORD Group, Inc.
61 Brown Road
Ithaca, NY 14850-1247
Phone 607 257-2410
Fax 607 257-1902
email [EMAIL PROTECTED]
web www.cbord.com
Re: unable to load 'random state' (OpenSSL 0.9.5 on Solaris)
On Thu, 9 Mar 2000, Theodore Hope wrote:

> I just build OpenSSL 0.9.5, standard, on Solaris (SunOS) 5.6. When I run "openssl s_client -connect www.foo.bar:443" I get this:
>
> unable to load 'random state'
> This means that the random number generator has not been seeded with much random data.
> Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten).
> connect: Connection refused
> connect:errno=146
> error in s_client
>
> On BSD machines this doesn't happen (I guess it guesses correctly that it can use /dev/urandom or something?).
>
> I know I can set the RANDFILE env variable to something; what are other Solaris users using?

Hey, a "me too" here. This makes sense, now. I put 0.9.5 on Solaris 2.6 and 7, and IRIX 6.5, and with Crypt::SSLeay net_ssl_test, I got errors. On my Linux box, I did not (which has /dev/*random).

I got some more info, too (on IRIX):

unable to load 'random state'
This means that the random number generator has not been seeded with much random data.
Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten).
CONNECTED(0003)
depth=1 /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
verify error:num=20:unable to get local issuer certificate
verify return:0
44423:error:24064064:random number generator:SSLEAY_RAND_BYTES:prng not seeded:md_rand.c:470:
44423:error:05067003:Diffie-Hellman routines:DH_generate_key:BN lib:dh_key.c:148:
44423:error:14098005:SSL routines:SSL3_SEND_CLIENT_KEY_EXCHANGE:bad asn1 object header:s3_clnt.c:1403:

I'm also not sure what to use for this.

Don

--
Don Badrak [EMAIL PROTECTED]
301.457.8263 work
Telecommunications Office
301.457.4438 fax
U.S. Bureau of the Census
Suitland MD, USA
splitting openssl processing between threads ?
Hi all,

I'm in the process of designing what is effectively an ssl tunnel between 2 systems. I'd like to know if it's possible to separate the session handling functions of openssl from the crypto ones. Something like process A handles the encryption of data and passes the encrypted data to process B who is responsible for establishing the session and sending the data.

I realise that some data must be exchanged between the 2 processes (algorithms and probably some other stuff I don't know about yet), however I'm wondering if there's any thread or process bindings that would affect this sort of design.

Thanks in advance for any insight.
Gregory Nicholls
RE: Verifying Certificates
Bingo. Thanks

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
Sent: Wednesday, March 08, 2000 5:47 PM
To: [EMAIL PROTECTED]
Subject: Re: Verifying Certificates

Mark E. Schoneman wrote:

> I'm aware I'm trying to cheat a bit here, but here's the problem. I'm trying to verify certificates via API rather than reading from files. I have the CA cert in CAx509 and the cert to verify in x509. I use X509_STORE_add_cert to load the CA's cert in the store, thinking that if it finds it there first, it won't try to call any X509_LOOKUP functions. Here's what I'm trying to do and any pointers would help.
>
> TIA
> Mark S.
>
> X509 *CAx509;
> X509 *x509;
>
> ERR_load_crypto_strings();
> SSLeay_add_all_algorithms();
> ctx = X509_STORE_new();
> status = X509_STORE_set_default_paths(ctx);
> printf("Status %d\n", status);        /* status = 1 */
> status = X509_STORE_add_cert(ctx, CAx509);
> printf("Status %d\n", status);        /* status = 1 */
> X509_STORE_CTX_init(csc, ctx, x509, NULL);
> status = X509_verify_cert(csc);
> if(status)
>     printf("Status %d\n", status);
> else {
>     printf("Status%d\n", status);     /* status = 0 */
>     ERR_print_errors_fp(stderr);      /* No error messages */
>     exit (1);
> }

ERR_print_errors_fp() won't work with certificate verify. Have a look at the verify callback and stuff in apps/verify.c and then see what error you get.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
Re: urgent help
Sadir Al-khafaji wrote:

> openssl x509 -req -in new.cert.csr -out client.cert.cert -signkey Ca.key -CA saal-rsa.crt -CAkey Ca.key -CAcreateserial -days 365
> Signature ok
> subject=/C=SE/ST=na/L=na/O=na/OU=na/CN=foo.com/Email=na
> Getting Private key
> Getting CA Private Key

First problem you are using conflicting arguments. -signkey turns a request into a self signed certificate and -CA signs it as a CA. Don't use the -signkey argument.

> and it was ok then i was going to export it to pkcs12 and this is what i have got
>
> openssl pkcs12 -export -in saal-rsa.crt -inkey privkey.pem -name "Test" -caname "Test CA" -certfile new.cert.cert -out mycert.p12
> Enter PEM pass phrase:
> No certificate matches private key

If you are using OpenSSL 0.9.4 this has been known to happen. Try 0.9.5.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
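The signing and export steps discussed in this exchange, as an added example that is not part of the original messages: a request is CA-signed with -CA/-CAkey only (no -signkey), and the certificate is checked against the private key before the PKCS#12 export. The demo CA, the subjects, the file names and the pass phrase are all constructed for illustration, and it assumes a current openssl command line with its default configuration file.

```shell
#!/bin/sh
# Added example: all names, subjects and the pass phrase are constructed.

issue_client_cert() {
    dir=$1
    # Demo CA: self-signed certificate and its key.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Demo Test CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    # Client key and certificate request.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    # Sign the request as a CA: -CA and -CAkey, without -signkey.
    openssl x509 -req -in "$dir/client.csr" -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -out "$dir/client.crt" 2>/dev/null || return 1
}

# Succeeds only if the certificate carries the public key of the key file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Export only a matching pair; the CA certificate goes in via -certfile.
export_p12() {
    dir=$1
    cert_matches_key "$dir/client.crt" "$dir/client.key" || {
        echo "certificate and private key do not match" >&2
        return 1
    }
    openssl pkcs12 -export -in "$dir/client.crt" -inkey "$dir/client.key" \
        -certfile "$dir/ca.crt" -name "Test" -caname "Test CA" \
        -passout pass:demo-only -out "$dir/client.p12"
}

run_demo() {
    dir=$(mktemp -d) || return 1
    issue_client_cert "$dir" || { rm -rf "$dir"; return 1; }
    # The issued certificate must chain to the demo CA.
    openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1 \
        && chain=ok || chain=bad
    # Pairing the CA certificate with the client key is a mismatch.
    cert_matches_key "$dir/ca.crt" "$dir/client.key" \
        && wrong=match || wrong=mismatch
    export_p12 "$dir" && p12=ok || p12=failed
    rm -rf "$dir"
    echo "chain=$chain ca-cert-vs-client-key=$wrong p12=$p12"
}

run_demo
```

The public-key comparison is a general pre-check for the pair handed to -in and -inkey; it does not replace the version advice given in the reply.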
adding trusted cert
Sorry if this seems trivial, but:

1- I created a root cert (self signed)
2- I created a cert request for a CA cert
3- I made my CA cert signed by my root cert: it signed, but could not verify

I guessed it's because my root cert has not been installed as a "trusted" root. I'm trying to set my root cert trusted with the following command:

openssl x509 -inform DER -outform DER -in root.cer -addtrust all -alias "Test trusted root" -out RootTrust.cer

I get kicked by OpenSSL as follows:

Invalid trust object value all

I have the same error for all the values defined in the documentation: sslclient, objsign, etc

Apparently openssl tries to get an ASN.1 object with OBJ_txt2obj from the string 'all', and doesn't find it in OBJ_sn2nid nor OBJ_ln2nid: am I missing a configuration file somewhere?

Richard Dykiel, Starburst Software
150 Baker Avenue, Concord, MA 01742
http://www.starburstsoftware.com
1-800-585-3889 ext289
Commercial SSL in the US
Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor?

We were going to use an Apache web server with its OpenSSL interface, but the Apache documentation indicates that this is not allowed for commercial purposes in the US.

Any help you can give would be appreciated.

Gerard Monsen
Integrated Litigation Solutions
Oakland, CA
duplicates
Hello,

duplicates are generated by public.guangzhou.gd.cn and I don't know whom to contact there. Please let us do something right instead of just complaining "I have duplicates" back to the list driving traffic up. One might want to blacklist this host on primary list server.

Thank all for your patience,
Vadim

There are headers from old message that was on the list already:

Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-users-L id OAA12639; Thu, 9 Mar 2000 14:50:14 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via SMTP for +[EMAIL PROTECTED] from public.guangzhou.gd.cn id OAA12628; Thu, 9 Mar 2000 14:50:04 +0100 +(MET)
Received: from public.guangzhou.gd.cn([127.0.0.1]) by +public.guangzhou.gd.cn(JetMail 2.3.2.5) with SMTP id /aimcque/jmail.rcv/7/jma38c7f46e; Thu, 9 Mar 2000 13:47:55+-
Received: from opensource.ee.ethz.ch([129.132.7.153]) by +public.guangzhou.gd.cn(JetMail 2.3.2.5) with SMTP id /aimcque/jmail.rcv/4/jm2138c2b99e; Sun, 5 Mar 2000 +19:39:13 -
Received: by en5.engelschall.com (Sendmail 8.9.2) for openssl-users-L id LAA04029; Sun, 5 Mar 2000 11:16:36 +0100 (MET)
Received: by en5.engelschall.com (Sendmail 8.9.2) via ESMTP for +[EMAIL PROTECTED] from www.positive.ee id LAA04024; Sun, 5 Mar 2000 11:16:31 +0100 (MET)
Re: unable to load 'random state' (OpenSSL 0.9.5 on Solaris)
On Thu, Mar 09, 2000 at 10:39:17AM -0500, Don Badrak wrote:
> On Thu, 9 Mar 2000, Theodore Hope wrote:

>> When I run "openssl s_client -connect www.foo.bar:443" I get this:
>>
>> unable to load 'random state'
>> This means that the random number generator has not been seeded with much random data.
>> Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten).
[...]
> I'm also not sure what to use for this.

If RANDFILE is not defined, file ~/.rnd is used as a default. You can cat lots of unpredictable data into this file to provide initial PRNG seeding. See URL: http://www.openssl.org/support/faq.html#6.
Re: Commercial SSL in the US
At 05:10 AM 3/9/00 , you wrote:
> Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor?

Yes. It's called OpenSSL. Export regulations were relaxed this January, .. and while there are many issues to be resolved, it essentially means that WE can IMPORT anything in the public domain without a problem.

> We were going to use an Apache web server with its OpenSSL interface, but the Apache documentation indicates that this is not allowed for commercial purposes in the US.
>
> Any help you can give would be appreciated.

Commercial use as defined by the Feds is *SELLING* the software. Using it for YOUR website is not commercial use. Some have argued the point, but who cares? As a small company, we can download OpenSSL, OpenBSD (my next project), SSH, and on and on as long as we grab international versions. Nobody cares what we do, as long as WE do not EXPORT crypto software.

Now before all of the experts chime in, realize that I am just speaking from the 'small fry' viewpoint g! It will take years before the regs work their way through the courts and are interpreted, .. but at this point there is nobody saying that you cannot use OpenSSL or any of its related works. The restrictions occur when US companies export encryption, .. but as long as we use international code there are no restrictions.

Lee

Leland V. Lammert [EMAIL PROTECTED]
Chief Scientist
Omnitec Corporation
Network/Internet Consultants
www.omnitec.net
Re: [ANNOUNCE] OpenSSL-0.9.5 MS Visual C++ Project files
"Andrew W. Gray" wrote:

> OpenSSL-0.9.5 MS Visual C++ Project files Available
> If you're not using Windows NT, 95 or 2000 you can delete this now.

Hiya,

Just wanted to thank you for this. I used it and it was _damn_ easy. One comment, probably something I screwed up but . . The links all failed until I built the assembler stuff using ms/do_masm. Is this me or

Thanks again for some _truly_ excellent work,
Greg.
Re: Commercial SSL in the US
On Thu, Mar 09, 2000 at 11:10:24AM +, Gerard Monsen wrote:

> Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor?

Yes, buying an inexpensive web server system. I think Redhat offers the cheapest one, but there are several vendors.
Re: Commercial SSL in the US
Don't know what your definition of obscene is when it comes to money, but I know that the Stronghold server that I purchased (actually Apache with SSL) cost me a grand total of $1025 and included a free Thawte certificate. That doesn't seem too awfully obscene. The computer you want to run it on was probably more obscenely expensive than that.

-- Rob

--On Thursday, March 9, 2000 11:10 AM + Gerard Monsen [EMAIL PROTECTED] wrote:

> Wow. I'm at a loss here. Does anyone know of any way that my (tiny) company can legally use SSL for commercial purposes in the US without paying an obscene amount of money to RSA or buying an obscenely expensive web server system from a vendor?
>
> We were going to use an Apache web server with its OpenSSL interface, but the Apache documentation indicates that this is not allowed for commercial purposes in the US.
>
> Any help you can give would be appreciated.
>
> Gerard Monsen
> Integrated Litigation Solutions
> Oakland, CA

QUIDQUID LATINE DICTUM SIT, PROFUNDUM VIDITUR
(Whatever is said in Latin appears profound)

Rob Tanner
UNIX and Networks Manager
Linfield College, McMinnville OR
(503) 434-2558
[EMAIL PROTECTED]
Re: Commercial SSL in the US
I don't know exactly what the original poster is trying to do, but you might want to get advice as to if your use violates US patent law. That is probably a more important issue than export. The RSA patent expires in September.

> Commercial use as defined by the Feds is *SELLING* the software.

We've gone 'round on this before. Don't believe what you read, get your own counsel. (The original poster is apparently new, and deserves to be told that Mr. Lammert is in the minority on this point.)

On the other hand, it's probably cheaper to buy something like the Redhat product. :)

/r$
Help for handshake failure with cisco router.
Hi,

When my Cisco router requests a SSL connection to the openssl s_server, the handshake failed. I am not familiar with the SSL handshake procedure, could someone tell me why it happens? I attached all the debug and state messages following:

D:\OSPSSL>openssl s_server -accept 443 -verify 1 -CApath .\ -CAfile MyCaCert.pem -cert .\certs\SerCert.pem -key .\certs\SerKEY.pem -state -debug
verify depth is 1
Using default temp DH parameters
Enter PEM pass phrase:
ACCEPT
bad gethostbyaddr
SSL_accept:before/accept initialization
SSL_accept:SSLv3 read client hello A
SSL_accept:SSLv3 write server hello A