Re: openssl compile won't make .so
On Thu, 15 Nov 2001, Keary Suska wrote: > I need to have openssl 0.9.6a create dynamically shared libcrypto & libssl, > but it won't for my system (linux-ppc). Just about every other software I > have compiled can create .so on my system without complaining, but why can't > openssl? I tried to modify the Configure script, which hasn't worked, but > I'm shooting in the dark since I don't know how the pieces are finally put > together in the makefile. > > There have been RPMs for my system which install .so, so it has to be > possible. Does anyone know how to force openssl to build shared objects (gcc > 2.9.5, elf support available)? > > Keary Suska > Esoteritech, Inc. > "Leveraging Open Source for a better Internet" 1- Start over again with a clean install, this time of openssl-0.9.6b. 2- Put your configure command in a file, so that it's documented (and thoroughly examined before running). 3- Capture all of your output to a file, so you can you meticuously examine it for errors and oddities afterwards, and so you'll have something to show us, so that _we_ don't have to shoot in the dark. === JJ = __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
openssl compile won't make .so
I need to have openssl 0.9.6a create dynamically shared libcrypto & libssl, but it won't for my system (linux-ppc). Just about every other software I have compiled can create .so on my system without complaining, but why can't openssl? I tried to modify the Configure script, which hasn't worked, but I'm shooting in the dark since I don't know how the pieces are finally put together in the makefile. There have been RPMs for my system which install .so, so it has to be possible. Does anyone know how to force openssl to build shared objects (gcc 2.9.5, elf support available)? Keary Suska Esoteritech, Inc. "Leveraging Open Source for a better Internet" __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: Documentation
On 15 Nov 2001, Brent Newson wrote: > Can anyone point me in the direction of some good documentation or info > about running imap over ssl please? > -- > Cheers > > Brent The current version of UW-imap can be built with OpenSSL. The only problem I had was trying to generate a certificate in the form it wanted. The information for that can be found in the latest pre-release version imap-2001a.RELEASE-CANDIDATE.4 (and thanks to Breeze Howard for the tip). Excerpt follows. >From the imap-2001a.RELEASE-CANDIDATE.4/docs/SSLBUILD file. >Last Updated: 3 October 2001 > > The imapd.pem and ipop3d.pem must contain a private key and a > certificate. The private key must not be encrypted. > > The following command to openssl can be used to create a self-signed > certificate with a 10-year expiration: > req -new -x509 -nodes -out imapd.pem -keyout imapd.pem -days 3650 > > *** IMPORTANT *** > We DO NOT recommend, encourage, or sanction the use of self-signed > certificates. Nor will we be responsible for any problems (including security > problems!) which result from your use of a self-signed certificate. Use of > self-signed certificates should be limited to testing only. Buy a real > certificate from a certificate authority! > *** IMPORTANT *** === JJ = __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Problems on make install
Hi! I'm having problems with "make install". Linux Debian 1.3 (old!) kernel 2.0.36 I found that it was a missing ";" after an if-fi loop. The one in Makefile, (install: all install_docs, $(LIBS) variable). One of the lasts things to do for a make install. Now it works! gaston. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: x509 howto
Exactly. Sorry about that. === JJ = On 15 Nov 2001, Brent Newson wrote: > try replacing the .az with .nz and youll get there, was a typo. > > Cheers > > baldey > > On Thu, 2001-11-15 at 12:12, julien Bournelle wrote: > > On Thu, 15 Nov 2001, J. Johnson wrote: > > > > > A good opportunity to plug Peter Gutmann's *excellent* "X509 Style Guide". > > > It's worth perusing just for the quotes. > > > > > > www.cs.auckland.ac.az/~pgut001/pubs/x509guide.txt > > Hi, > > > > the link doesn't work. > > > > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: pem CSR's
openssl req -outform PEM -new -newkey rsa:1024 [EMAIL PROTECTED] wrote: > Hi, > > I was wondering if anyone could teel me how I might generate a csr in PEM format. > > I belive I need to generate a key etc... but am not sure how to get it to be pem >format. > > Thanks for you help. > > Brett > > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: certificate renewal with openSSL
Nobody answered me this one... I will have to try to revocate a certificate to see if I can add it later However, most root CA, keep old certificates as valid, because it takes some time to install a new certificate on a machine... Cheers On 14 Nov 2001 12:29:30 -0500, POLIVKA-ROHRER, KEITH W. (AIT) wrote:> Did anybody answer this question? Or do you have to just grep -v the > index.txt file to get rid of the offending DN? > > Keith > > Keith Polivka-Rohrer > CBR - Customer Billing Relationships > Specialist, Server Development > Phone: 847-898-2841 > Fax: 847-898-2544
Re: pem CSR's
look at CA.pl in the apps directory. At 11:36 AM 11/16/2001 +1300, you wrote: >Hi, > >I was wondering if anyone could teel me how I might generate a csr in PEM >format. > >I belive I need to generate a key etc... but am not sure how to get it to >be pem format. > >Thanks for you help. > >Brett > >__ >OpenSSL Project http://www.openssl.org >User Support Mailing List[EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
pem CSR's
Hi, I was wondering if anyone could teel me how I might generate a csr in PEM format. I belive I need to generate a key etc... but am not sure how to get it to be pem format. Thanks for you help. Brett __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: x509 howto
A good opportunity to plug Peter Gutmann's *excellent* "X509 Style Guide". It's worth perusing just for the quotes. www.cs.auckland.ac.az/~pgut001/pubs/x509guide.txt === JJ = On Wed, 14 Nov 2001, Mads wrote: > Anyone knows of a good introduction to x509 certificates? I am looking > for info on the structure and encoding. > > I am currently studying the openssl implementation to see how to extract > keys from the certificate but a guide or howto would be much > appreciated. > > Kind regards, > > Mads > Open Communication Security > __ > OpenSSL Project http://www.openssl.org > User Support Mailing List[EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]