Re: Format of file index.txt database of a CA

2005-08-25 Thread Olaf Gellert
prakash babu wrote:

> eg )   V  051213070133Z  B3500880020644B6  unknown  /C=IN/ST=TamilNadu/O=cbe/CN=test
>
> where:
>  V - Certificate is Valid  (R for revoked certificates )

and E for expired.

>  051213070133Z - Date upto which the certificate is valid
>  B3500880020644B6  - Serial number of the certificate
>  /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

If a certificate is revoked, there is another
field with the date of revocation, so a revoked
entry looks like this:

R   060920165425Z   050315152021Z   0B  unknown 
/C=US/O=Organization/CN=Name

In the other cases (Valid and Expired), there is still an empty
field in this (so between the expiry date and the serial number
there are two tabulators). So the format is:

E|R|V<tab>Expiry<tab>[RevocationDate]<tab>Serial<tab>unknown<tab>SubjectDN

Cheers, Olaf

-- 
Dipl.Inform. Olaf Gellert  PRESECURE (R)
Senior Researcher,   Consulting GmbH
Phone: (+49) 0700 / PRESECURE   [EMAIL PROTECTED]

A daily view on Internet Attacks
https://www.ecsirt.net/sensornet

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   [EMAIL PROTECTED]


Re: Format of file index.txt database of a CA

2005-08-25 Thread Marco Klasmeyer

That clarifies everything!

Thanks to all,
Marco

Richard Levitte wrote:


Correction:
The index.txt file is an ascii file consisting of 6 (not 4) 
tab-separated fields.  Some of those fields may be empty and might 
appear not to exist at all.

The 6 fields are:
0)  Entry type.  May be "V" (valid), "R" (revoked) or "E" (expired).
   Note that an expired may have the type "V" because the type has
   not been updated.  'openssl ca updatedb' does such an update.
1)  Expiration datetime.
2)  Revocation datetime.  This is set for any entry of the type "R".
3)  Serial number.
4)  File name of the certificate.  This doesn't seem to be used,
   ever, so it's always "unknown".
5)  Certificate subject name.
prakash babu writes:

Hi  
The index.txt is an ascii file consisting of four fields
 
eg )   V  051213070133Z  B3500880020644B6  unknown 
/C=IN/ST=TamilNadu/O=cbe/CN=test
 
where:
 V - Certificate is Valid  (R for revoked 
certificates )

 051213070133Z - Date upto which the certificate is valid
 B3500880020644B6  - Serial number of the certificate
 /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate
Thanks,
Prakash
Marco Klasmeyer <[EMAIL PROTECTED]> wrote:
Hello,
is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?
By the way, is there a possibility to use a real database instead
of this plain ASCII file?
Thanks in advance,
Marco


Re: Format of file index.txt database of a CA

2005-08-25 Thread Richard Levitte
Correction: 

The index.txt file is an ascii file consisting of 6 (not 4) tab-separated 
fields.  Some of those fields may be empty and might appear not to exist at 
all. 

The 6 fields are: 


0)  Entry type.  May be "V" (valid), "R" (revoked) or "E" (expired).
   Note that an expired may have the type "V" because the type has
   not been updated.  'openssl ca updatedb' does such an update.
1)  Expiration datetime.
2)  Revocation datetime.  This is set for any entry of the type "R".
3)  Serial number.
4)  File name of the certificate.  This doesn't seem to be used,
   ever, so it's always "unknown".
5)  Certificate subject name. 

prakash babu writes: 

Hi 
 
The index.txt is an ascii file consisting of four fields
 
eg )   V  051213070133Z  B3500880020644B6  unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
 
where:

 V - Certificate is Valid  (R for revoked 
certificates )
 051213070133Z - Date upto which the certificate is valid
 B3500880020644B6  - Serial number of the certificate
 /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate 


Thanks,
Prakash 


Marco Klasmeyer <[EMAIL PROTECTED]> wrote:
Hello, 


is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format? 


By the way, is there a possibility to use a real database instead
of this plain ASCII file? 


Thanks in advance,
Marco 





-
Please consider sponsoring my work on free software.
See http://www.free.lp.se/sponsoring.html for details. 


--
Richard Levitte [EMAIL PROTECTED]
  http://richard.levitte.org/ 


"When I became a man I put away childish things, including
the fear of childishness and the desire to be very grown up."
  -- C.S. Lewis 
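
Added example (not part of any post in this thread, and not OpenSSL's own code): a Python parser for the six tab-separated fields listed above, which also reports a "V" entry that is past its expiry date as expired, since the type is only refreshed by 'openssl ca updatedb'. The sample lines are the two entries quoted in the thread with tab separators restored; the function names and the tolerance for a ",reason" suffix on the revocation date are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample: the two entries quoted in the thread, with real tabs.
# Note the empty revocation field (two consecutive tabs) in the "V" entry.
SAMPLE = (
    "V\t051213070133Z\t\tB3500880020644B6\tunknown\t/C=IN/ST=TamilNadu/O=cbe/CN=test\n"
    "R\t060920165425Z\t050315152021Z\t0B\tunknown\t/C=US/O=Organization/CN=Name\n"
)

def parse_time(s):
    # 13 chars: YYMMDDHHMMSSZ as in the thread; 15 chars: four-digit year.
    fmt = "%y%m%d%H%M%SZ" if len(s) == 13 else "%Y%m%d%H%M%SZ"
    return datetime.strptime(s, fmt).replace(tzinfo=timezone.utc)

def parse_entry(line):
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 6:
        raise ValueError(f"expected 6 tab-separated fields, got {len(fields)}")
    kind, expiry, revoked, serial, filename, subject = fields
    if kind not in ("V", "R", "E"):
        raise ValueError(f"unknown entry type {kind!r}")
    if (kind == "R") != bool(revoked):
        raise ValueError("revocation date must be set for R entries only")
    int(serial, 16)  # serial numbers are hexadecimal; raises ValueError if not
    return {
        "type": kind,
        "expires": parse_time(expiry),
        # Assumption beyond the thread: a ",reason" suffix may follow the date.
        "revoked": parse_time(revoked.split(",")[0]) if revoked else None,
        "serial": serial.upper(),
        "file": filename,
        "subject": subject,
    }

def effective_status(entry, now):
    # A "V" entry may already be expired if 'openssl ca updatedb' has not run.
    if entry["type"] == "V" and entry["expires"] <= now:
        return "E"
    return entry["type"]

def load_index(text, now):
    # Map serial number -> status as of 'now'; malformed lines raise ValueError.
    status = {}
    for line in text.splitlines():
        if line.strip():
            entry = parse_entry(line)
            status[entry["serial"]] = effective_status(entry, now)
    return status
```

Calling `load_index(SAMPLE, datetime(2005, 8, 25, tzinfo=timezone.utc))` gives the status of each serial on the date of the thread; a hand-edited line that has lost the empty revocation field is rejected instead of being misread.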




Re: Format of file index.txt database of a CA

2005-08-25 Thread prakash babu
Hi 
 
The index.txt is an ascii file consisting of four fields
 
eg )   V  051213070133Z  B3500880020644B6  unknown /C=IN/ST=TamilNadu/O=cbe/CN=test
 
where:
 V - Certificate is Valid  (R for revoked certificates )
 051213070133Z     - Date upto which the certificate is valid
 B3500880020644B6  - Serial number of the certificate
 /C=IN/ST=TamilNadu/O=cbe/CN=test - subject of the certificate

Thanks,
Prakash

Marco Klasmeyer <[EMAIL PROTECTED]> wrote:
Hello,
is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?
By the way, is there a possibility to use a real database instead
of this plain ASCII file?
Thanks in advance,
Marco

Re:openssl compilation for mips

2005-08-25 Thread vijay basav
hi
this was the string i used in configure file
 
"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -ansi -nostdlib -DB_ENDIAN -EB -Wl,-EB -mips2 -mno-branch-likely -G0 -fno-builtin-msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h -I\$(WIND_BASE)/host/x86-win32/i386-pc-mingw32/sys-include:::VXWORKS:-rranlibmips:"
 
 
 
hope this solves ur problem
regards
vijay

Re: problems making Certificate Request

2005-08-25 Thread Brendon Schafer

Rich Salz wrote:


Suse:/etc/postfix # openssl req -new -nodes -subj
'/CN=OfficeRunner.local/O=OfficeRunner/C=ZA Par' -keyout OR-key.pem -out
OR-req.pem -days 3650
   



This command-line syntax is correct.

The problem is that the C=xx field is only allowed to be a two-letter
country code.  What is "Par" ?

/r$

 


LOL. It's a printing error. I printed this tutorial:
http://souptonuts.sourceforge.net/postfix_tutorial.html
The location (/L=Elkins Park' only printed Par. then wrapped to the next 
line -keyout 


Thanks for showing me correct.

Cheers

Brendon


Re: problems making Certificate Request

2005-08-25 Thread Rich Salz
> Suse:/etc/postfix # openssl req -new -nodes -subj
> '/CN=OfficeRunner.local/O=OfficeRunner/C=ZA Par' -keyout OR-key.pem -out
> OR-req.pem -days 3650

This command-line syntax is correct.

The problem is that the C=xx field is only allowed to be a two-letter
country code.  What is "Par" ?

/r$

-- 
Rich Salz  Chief Security Architect
DataPower Technology   http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html



Re: Runpath definition missing for libssl.so

2005-08-25 Thread Laurent Blume

Andreas Almroth wrote:
As it is Solaris, use export LD_OPTIONS='-R/usr/local/openssl-0.9.7g/lib 
-L/usr/local/openssl-0.9.7g/lib'
The linker will take that into consideration, and if you do a dump -Lv 
on the output file, the RUNPATH should be included.


I confirm that that fix is perfect for me.

I still think it's probably a flaw in the Makefile that my -R parameter 
was used for bin/openssl, and not lib/libssl.so.


Anyway, looks good now, thanks again!

Laurent


AW: problems making Certificate Request

2005-08-25 Thread thomas . beckmann
In the C-Field of the DN only two characters are allowed. So "C=ZA Par" is
invalid.

Regards

Thomas

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of Brendon Schafer
> Sent: Thursday, 25 August 2005 12:47
> To: openssl-users@openssl.org
> Subject: Re: problems making Certificate Request
> 
> 
> Dmitry Belyavsky wrote:
> 
> >Hello!
> >
> >On Thu, 25 Aug 2005, Brendon Schafer wrote:
> >  
> >
> >>I got this error message while creating a server certificate:
> >>
> >>Suse:~ # openssl req -new  -subj '/CN=OfficeRunner.local 
> Par - keyout
> >>OR-key.pem -out OR-req.pem -days 3650'
> >>
> >>
> >
> >Whether right quote is at place expected or it should be 
> before keyout?
> >  
> >
> Not sure if I understood you correctly, but I tried this which is an 
> earlier variation of the command. I did, however move the 
> quote (') to 
> where I understood that you said it should have gone.
> Suse:/etc/postfix # openssl req -new -nodes -subj 
> '/CN=OfficeRunner.local/O=OfficeRunner/C=ZA Par' -keyout 
> OR-key.pem -out 
> OR-req.pem -days 3650
> Generating a 1024 bit RSA private key
> ..++
> ++
> writing new private key to 'OR-key.pem'
> -
> problems making Certificate Request
> 6481:error:0D07A097:asn1 encoding 
> routines:ASN1_mbstring_copy:string too 
> long:a_mbstr.c:154:maxsize=2
> 
> Thanks again
> 
> Brendon


Format of file index.txt database of a CA

2005-08-25 Thread Marco Klasmeyer

Hello,

is the format for "index.txt" database file of a CA defined somewhere?
I want to run "openssl ocsp" as a small test OCSP responder, which
needs this index file as input. For testing purposes I would like to
manipulate some lines of this file, but I can't find any documentation
about the format?

By the way, is there a possibility to use a real database instead
of this plain ASCII file?

Thanks in advance,
Marco



Re: problems making Certificate Request

2005-08-25 Thread Brendon Schafer

Dmitry Belyavsky wrote:


Hello!

On Thu, 25 Aug 2005, Brendon Schafer wrote:
 


I got this error message while creating a server certificate:

Suse:~ # openssl req -new  -subj '/CN=OfficeRunner.local Par - keyout
OR-key.pem -out OR-req.pem -days 3650'
   



Whether right quote is at place expected or it should be before keyout?
 

Not sure if I understood you correctly, but I tried this which is an 
earlier variation of the command. I did, however move the quote (') to 
where I understood that you said it should have gone.
Suse:/etc/postfix # openssl req -new -nodes -subj 
'/CN=OfficeRunner.local/O=OfficeRunner/C=ZA Par' -keyout OR-key.pem -out 
OR-req.pem -days 3650

Generating a 1024 bit RSA private key
..++
++
writing new private key to 'OR-key.pem'
-
problems making Certificate Request
6481:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too 
long:a_mbstr.c:154:maxsize=2


Thanks again

Brendon


Re: problems making Certificate Request

2005-08-25 Thread Dmitry Belyavsky
Hello!

On Thu, 25 Aug 2005, Brendon Schafer wrote:

> Just subscribed. I hope this isn't an FAQ, but diagnostics on web page isn't
> helping me :(
>
> I got this error message while creating a server certificate:
>
> Suse:~ # openssl req -new  -subj '/CN=OfficeRunner.local Par - keyout
> OR-key.pem -out OR-req.pem -days 3650'

Whether right quote is at place expected or it should be before keyout?

-- 
SY, Dmitry Belyavsky (ICQ UIN 6575)



problems making Certificate Request

2005-08-25 Thread Brendon Schafer

Hi All

Just subscribed. I hope this isn't an FAQ, but diagnostics on web page 
isn't helping me :(


I got this error message while creating a server certificate:

Suse:~ # openssl req -new  -subj '/CN=OfficeRunner.local Par - keyout 
OR-key.pem -out OR-req.pem -days 3650'

Generating a 1024 bit RSA private key
.++
.++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-
problems making Certificate Request
6168:error:0D07A097:asn1 encoding routines:ASN1_mbstring_copy:string too 
long:a_mbstr.c:154:maxsize=64


TIA

Brendon
