brand new to this list, have a ?

2004-04-14 Thread Integrity Computer Services Inc
I am brand new to this list, so please forgive if this question has already 
been answered.

I installed OPENSA on my Windows 2000 server, and I went to generate a CSR 
request. It told me that it could not find the config file openssl.cnf. I 
searched my whole drive and it wasn't to be found. I went to the openssl 
site and after about 2 hours of looking through that site I found an 
example of this file. So I copy/pasted it into a file and ran the command 
to generate the CSR. I submitted it to directnic (my registrar and vendor 
of SSL certs). It kept telling me that things were missing from my CSR 
request (like State, and then Organization). After much searching on the 
web I found another site which had a far more elaborate file, and I gleaned 
enough from it to get the CSR request to finally work through directnic, 
but I am wondering if I got everything.

I don't get why the file was not installed on my machine with opensa, and 
why the example file on the openssl site was missing stuff. Haven't people 
(like me, i.e. new to Apache) been required to do this same thing??

John
John Huszar
Integrity Computer Services Inc
503-657-0655
- Webstores, Web Hosting, Online Registration Systems, Wireless Internet Access
http://www.integritycomputer.net
http://www.northwestmall.com
http://www.icsbi.net


__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]


RE: brand new to this list, have a ?

2004-04-14 Thread David Schwartz


> I installed OPENSA on my Windows 2000 server, and I went to generate a CSR
> request. It told me that it could not find the config file openssl.cnf. I
> searched my whole drive and it wasn't to be found. I went to the openssl
> site and after about 2 hours of looking through that site I found an
> example of this file. So I copy/pasted it into a file and ran the command
> to generate the CSR. I submitted it to directnic (my registrar and vendor
> of SSL certs). It kept telling me that things were missing from my CSR
> request (like State, and then Organization). After much searching on the
> web I found another site which had a far more elaborate file, and I gleaned
> enough from it to get the CSR request to finally work through directnic,
> but I am wondering if I got everything.
>
> I don't get why the file was not installed on my machine with opensa, and
> why the example file on the openssl site was missing stuff. Haven't people
> (like me, i.e. new to Apache) been required to do this same thing??

Did you follow OPENSA's instructions for generating a CSR? If it didn't
come with any, talk to the OPENSA folks about why not. If the instructions
led you astray, again talk to them. As for why the OPENSA installation
didn't install an 'openssl.cnf' file, that would also be a question for the
OPENSA folks. My guess (and this is only a guess) would be that they didn't
intend their installation to be a full install of openssl for you to use
directly.

You installed OPENSA and then tried to follow the OpenSSL instructions.
That's likely why things didn't work. The OpenSSL instructions assume a
default OpenSSL installation.

DS



[98] Address in use.. Could not bind to 443

2004-04-14 Thread kloomis
Hello:

I have migrated from RH 7.1 to RH 9. I have edited the httpd.conf, and 
connections work to the server thru port 80.  But when I move the 
connection to 443 and SSL, I get a Could not bind to 443, Address already 
in use error message.  Upon some investigation I discovered that in the 
ssl.conf file there is: listen 443. When I removed the listen 443, I was 
able to connect to the server. The problem now is that the virtual host 
defined in the ssl.conf is not what I want.  My question is, should I 
remove the virtual host for ssl from the httpd.conf and edit the ssl.conf, 
or vice versa?  Is the ssl.conf necessary if everything is covered in the 
httpd.conf?

Thanks,

Ken 
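
A check for the condition this post describes, added here as an example that is not part of the original thread: it reports every port that more than one `Listen` directive tries to bind across a set of Apache config files. The function name and the two sample files are constructed, and the files to scan are passed explicitly (Include directives are not followed).

```bash
#!/bin/sh
# Added example. The two config files below are constructed samples.
set -eu

# For every port bound by more than one Listen directive across the given
# Apache config files, print "port: file:line file:line ...".
# Commented-out directives are skipped; "Listen 10.0.0.1:443" and
# "Listen [::]:443" are reduced to their port.
duplicate_listen() {
    awk 'tolower($1) == "listen" && NF >= 2 {
             n = split($2, part, ":")
             port = part[n]
             count[port]++
             where[port] = where[port] " " FILENAME ":" FNR
         }
         END {
             for (p in count)
                 if (count[p] > 1) print p ":" where[p]
         }' "$@"
}

demo() {
    work=$(mktemp -d)
    cat > "$work/httpd.conf" <<'EOF'
Listen 80
Listen 443
#Listen 8080
<VirtualHost *:443>
    SSLEngine on
</VirtualHost>
EOF
    cat > "$work/ssl.conf" <<'EOF'
listen 443
<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
EOF
    (cd "$work" && duplicate_listen httpd.conf ssl.conf)
    rm -rf "$work"
}
demo
```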



problem with openssl and visual C++ 6.0

2004-04-14 Thread SALADINE atexo

Hi,

I tried to build the program in visual studio c++ using some OpenSSL’s functions.

The environment is Windows XP and Visual C++ 6.0.

I downloaded the latest version of openSSL (openssl-0.9.7d) from http://www.openssl.org/source and I compiled it with visual C++ under windows.

The commands that I used to build openSSL are described in the file Install.win32 supplied with openSSL.

I have installed openSSL successfully and I think that the configuration of Visual C++ is well. However I got a serious problem when I tried to run my program.

In fact, whenever I try to call any function of openSSL my program embedded.
For example, my program got stuck when it tries to call one of the following functions: PEM_read_RSAPrivateKey or RSA_generate_key.
I attached the files.

I'll be waiting for your prompt answer.

Thanks

Saladine

//#include "stdafx.h"
// demo.cpp : Defines the entry point for the console application.
//
/* NOCW */
/* demos/spkigen.c
 * 18-Mar-1997 - eay - A quick hack :-)
 *     version 1.1, it would probably help to save or load the
 *     private key :-)
 */
/* Headers required by the code below */
#include <iostream>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/err.h>
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/pem.h>

/* The following two don't exist in SSLeay but they are in here as
 * examples */
#define PEM_write_SPKI(fp,x) \
    PEM_ASN1_write((int (*)())i2d_NETSCAPE_SPKI,"SPKI",fp,\
        (char *)x,NULL,NULL,0,NULL,NULL)
int SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey);

/* These are defined in the next version of SSLeay */
int EVP_PKEY_assign(EVP_PKEY *pkey, int type,char *key);
//#define RSA_F4 0x10001
#define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\
    (char *)(rsa))

int main(int argc,char* argv[])
{
    //int argc;
    //char *argv[];
    RSA *rsa=NULL;
    DSA *dsa = NULL;
    NETSCAPE_SPKI *spki=NULL;
    EVP_PKEY *pkey = NULL;
    char buf[128];
    int ok=0,i;
    FILE *fp;

    std::cout << "Appel a EVP_PKEY_new" << std::endl;
    pkey=EVP_PKEY_new();
    std::cout << "Appel a EVP_PKEY_new reussi" << std::endl;
    if (argc < 2)
    {
        /* Generate an RSA key, the random state should have been seeded
         * with lots of calls to RAND_seed() */
        fprintf(stderr,"generating RSA key, could take some time...\n");
        std::cout << "Appel a RSA_generate_key" << std::endl;
        if ((rsa=RSA_generate_key(512,RSA_F4,NULL,NULL)) == NULL) goto err;
        std::cout << "Appel a RSA_generate_key reussi" << std::endl;
    }
    else
    {
        std::cout << "Lecture de la cle privee :" << std::endl;
        std::cout << "Etape 1 : ouverture du fichier" << std::endl;
        if ((fp=fopen("C:/sequestre/cles/privkey.pem","r")) == NULL)
        {
            std::cout << "Fichier introuvable" << std::endl;
            perror(argv[1]);
            goto err;
        }
        std::cout << "Etape 1 : Terminee avec succes " << std::endl;
        std::cout << "Etape 2 : Appel à PEM_read_RSAPrivateKey" << std::endl;
        if ((rsa=PEM_read_RSAPrivateKey(fp,NULL,NULL,NULL)) == NULL)
        {
            std::cout << "Etape 2: Echec" << std::endl;
            goto err;
        }
        std::cout << "Etape 2 : Terminee avec succes" << std::endl;
        fclose(fp);
    }

    if (!EVP_PKEY_assign_RSA(pkey,rsa)) goto err;
    rsa=NULL;

    /* lets make the spki and set the public key and challenge */
    if ((spki=NETSCAPE_SPKI_new()) == NULL) goto err;

    if (!SPKI_set_pubkey(spki,pkey)) goto err;

    fprintf(stderr,"please enter challenge string:");
    fflush(stderr);
    buf[0]='\0';
    fgets(buf,sizeof buf,stdin);
    i=strlen(buf);
    if (i > 0) buf[--i]='\0';
    std::cout << "Appel a ASN1_STRING_set" << std::endl;
    if (!ASN1_STRING_set((ASN1_STRING *)spki->spkac->challenge,buf,i)) goto err;

    if (!NETSCAPE_SPKI_sign(spki,pkey,EVP_md5())) goto err;
    PEM_write_SPKI(stdout,spki);
    if (argc < 2)
        PEM_write_RSAPrivateKey(stdout,pkey->pkey.rsa,NULL,NULL,0,NULL,NULL);

    ok=1;
err:
    if (!ok)
    {
        fprintf(stderr,"something bad happened");
        ERR_print_errors_fp(stderr);
    }
    NETSCAPE_SPKI_free(spki);
    EVP_PKEY_free(pkey);
    //exit(!ok);
    return !ok;
}

/* This function is in the next version of SSLeay */
int EVP_PKEY_assign(EVP_PKEY * pkey,int type,char * key)
{
    //EVP_PKEY *pkey;
    //int type;
    //char *key;
    if (pkey == NULL) return(0);
    if (pkey->pkey.ptr != NULL)
    {
        if (pkey->type == EVP_PKEY_RSA)
            RSA_free(pkey->pkey.rsa);
        /* else memory leak */
    }
    pkey->type=type;
    pkey->pkey.ptr=key;
    return(1);
}

/* While I have a
 * X509_set_pubkey() and X509_REQ_set_pubkey(), SPKI_set_pubkey() does
 * not currently exist so here is a version of it.
 * The next SSLeay release will probably have
 * X509_set_pubkey(),
 * X509_REQ_set_pubkey() and
 * NETSCAPE_SPKI_set_pubkey()
 * as macros calling the same function */
int SPKI_set_pubkey(NETSCAPE_SPKI * x,EVP_PKEY * pkey)
{
    //NETSCAPE_SPKI *x;
    //EVP_PKEY *pkey;
    int ok=0;
    X509_PUBKEY *pk;
    X509_ALGOR *a;
    ASN1_OBJECT *o;
    unsigned char *s,*p;
    int i;

    if (x == NULL) return(0);

    if ((pk=X509_PUBKEY_new()) == NULL) goto err;
    a=pk->algor;

    /* set the algorithm id */
    if ((o=OBJ_nid2obj(pkey->type)) == NULL) goto err;
    ASN1_OBJECT_free(a->algorithm);
    a->algorithm=o;

    /* Set the parameter list */
    if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL))
    {
        ASN1_TYPE_free(a->parameter);
        a->parameter=ASN1_TYPE_new();
        a->parameter->type=V_ASN1_NULL;
    }
    i=i2d_PublicKey(pkey,NULL);
    if ((s=(unsigned char *)malloc(i+1)) == NULL) goto err;
    p=s;
    i2d_PublicKey(pkey,&p);
    if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err;
    free(s);

    X509_PUBKEY_free(x->spkac->pubkey);
    x->spkac->pubkey=pk;
    pk=NULL;
    ok=1;
err:
    if (pk != NULL) X509_PUBKEY_free(pk);
    return(ok);
}
		

How to encrypt a RSA priv key

2004-04-14 Thread Carlos Roberto Zainos H

Hi !!

I have some problems because I want a RSA private key in DER form but des-cbc codified. The source key is in PEM encoded form (password protected) and I need something similar but in DER encoded form (also password protected key). I have tried: openssl rsa -in mykey.pem -outform DER -out mykey.key, to get a DER encoded form key, and after this: openssl enc -des-cbc -in mykey.key -out mydeskey.key -pass stdin -e; it looks like everything finishes OK, but when I take a look at the output file, it looks a little bit "strange" because it begins with "Salt_".
Really I don't know what is happening ... for me it would be wonderful if I could do something like this from C routines.

I have taken a look at evp.h but I'm confused.
Could someone help me??

thanks in advance

zainos

Re: How to encrypt a RSA priv key

2004-04-14 Thread Dr. Stephen Henson
On Wed, Apr 14, 2004, Carlos Roberto Zainos H wrote:

> Hi !!
>
> I have some problems because I want a RSA private key in DER form but
> des-cbc codified. The source key is in PEM encoded form (password protected)
> and I need something similar but in DER encoded form (also password
> protected key). I have tried: openssl rsa -in mykey.pem -outform
> DER -out mykey.key, to get a DER encoded form key, and after this: openssl
> enc -des-cbc -in mykey.key -out mydeskey.key -pass stdin -e; it looks like
> everything finishes OK, but when I take a look at the output file, it looks a
> little bit "strange" because it begins with "Salt_".
>
> Really I don't know what is happening ... for me it would be wonderful if I
> could do something like this from C routines.


The traditional encryption used by OpenSSL is at the PEM level and cannot be
applied to DER. An alternative is to use PKCS#8 format (see pkcs8 utility)
which encrypts at the DER level. However you need to use the PKCS8 functions
to encrypt and decrypt your key then.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
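
Encrypting at the DER level with the pkcs8 utility, as the reply above suggests, shown as an added example that is not part of the original thread. The file names, the passphrase and the use of AES-256-CBC (instead of the thread's des-cbc) are assumptions; the last steps contrast the result with `openssl enc` output, which begins with a salt header rather than a DER structure.

```bash
#!/bin/sh
# Added example. File names and the passphrase are constructed for the demo.
set -eu
PASS='pass:demo-passphrase'   # demo only; use file: or env: sources for real keys

# Encrypt PEM private key $1 into a password-protected PKCS#8 DER file $2.
# Assumption: AES-256-CBC via -v2 instead of the thread's single DES.
pem_to_encrypted_der() {
    openssl pkcs8 -topk8 -inform PEM -in "$1" -outform DER -out "$2" \
        -v2 aes-256-cbc -passout "$PASS"
}

# Decrypt the PKCS#8 DER file $1 and print the RSA modulus it contains.
der_modulus() {
    openssl pkcs8 -inform DER -in "$1" -passin "$PASS" | openssl rsa -noout -modulus
}

# Reproduce the thread's approach: raw DER key $1 run through `openssl enc` into $2.
enc_der() {
    openssl enc -aes-256-cbc -e -in "$1" -out "$2" -pass "$PASS" 2>/dev/null
}

# Print the first $2 bytes of file $1 as lowercase hex.
head_hex() {
    head -c "$2" "$1" | od -An -tx1 | tr -d ' \n'
}

demo() {
    work=$(mktemp -d)
    openssl genrsa -out "$work/mykey.pem" 2048 2>/dev/null      # constructed key
    pem_to_encrypted_der "$work/mykey.pem" "$work/mykey.p8.der"
    openssl rsa -in "$work/mykey.pem" -outform DER -out "$work/mykey.key" 2>/dev/null
    enc_der "$work/mykey.key" "$work/mydeskey.key"

    # PKCS#8 output is a DER structure: first byte is the SEQUENCE tag 0x30.
    echo "pkcs8: $(head_hex "$work/mykey.p8.der" 1)"
    # enc output is not DER: 8-byte magic "Salted__", then the salt, then ciphertext.
    echo "enc:   $(head -c 8 "$work/mydeskey.key")"
    # The key survives the PKCS#8 round trip.
    [ "$(der_modulus "$work/mykey.p8.der")" = \
      "$(openssl rsa -in "$work/mykey.pem" -noout -modulus 2>/dev/null)" ] && echo "round trip OK"
    rm -rf "$work"
}
demo
```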


Re: problem with openssl and visual C++ 6.0

2004-04-14 Thread Dr. Stephen Henson
On Wed, Apr 14, 2004, SALADINE atexo wrote:

 
 
> Hi,
>
> I tried to build the program in visual studio c++ using some OpenSSL’s functions.
>
> The environment is Windows XP and Visual C++ 6.0.
>
> I downloaded the latest version of openSSL (openssl-0.9.7d) from
> http://www.openssl.org/source and I compiled it with visual C++ under windows.
>
> The commands that I used to build openSSL are described in the file Install.win32
> supplied with openSSL.
>
> I have installed openSSL successfully and I think that the configuration of Visual
> C++ is well. However I got a serious problem when I tried to run my program.
>
> In fact, whenever I try to call any function of openSSL my program embedded.
> For example, my program got stuck when it tries to call one of the following
> functions: PEM_read_RSAPrivateKey or RSA_generate_key.
> I attached the files.
 

See if the FAQ helps.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk