Re: Newbie Needs Help!!!

2006-09-22 Thread Marek Marcola
Hello,
> Trying to use OpenSSL 0.9.8 on a VMS system.  Specifically, I'm having 
> problems using OpenSSL underneath OpenLDAP to talk to another non-OpenLDAP 
> system and can't get THAT to work.  It's been suggested that I use OPENSSL 
> S_CLIENT to ensure my basic certificates are correct.
> 
> My CA is another system (Windows) and I requested it to create the trusted 
> root certificate in PKCS7 format, which I copied to my VMS system.  I can 
> use OPENSSL PKCS7 to view the package contents, and it contains a single 
> certificate.  I then tried to do an OPENSSL VERIFY on that package, and it 
> keeps coming up with "NO START LINE" and "EXPECTING: TRUSTED CERTIFICATE" 
> errors.  Finally, I tried "openssl s_clienit -connect :636 
> -certfore der -CAfile 
> and it comes up with the following:
s_client uses a PEM certificate list; try to convert this:
   $ openssl pkcs7 -in CA.p7b -inform der -print_certs > CA.pem
and then use CA.pem in CAfile parameter.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>

__
OpenSSL Project                 http://www.openssl.org
User Support Mailing List       openssl-users@openssl.org
Automated List Manager          [EMAIL PROTECTED]


Re: Verify of generated certificate fails

2006-09-22 Thread Marek Marcola
Hello,
> Like described in the Linux Samba-OpenLDAP Howto from IDEALX.com
> I performed the following steps to create a certificate for my
> server:
> 
> Basedirectory /etc/openldap
> 
> 1) create directory structure
> mkdir certs csr data keys private data/ca.db.certs
> ln -s data datas
> 
> 2) touch private/ca.key data/ca.db.serial
> cp /dev/null data/ca.db.index
> 
> 3) Generate pseudo-random bytes
> openssl rand 1024 > data/random-bits
> 
> 4) create the key for the CA
> openssl genrsa -des3 -out private/ca.key 1024 -rand data/random-bits
> chmod 600 private/ca.key
> 
> 5) Self-sign the root CA
> openssl req -new -x509 -days 3650 -key private/ca.key -out 
> certs/ca.pem
Try to check here:
$ openssl verify -CAfile certs/ca.pem certs/ca.pem

> 6) create a configuration ca.conf file for the CA containing:

> default_md= md5
Change to sha1 - md5 is not secure.

> 8) create the server key and certificate for ldap.pdnet.net server
> create the key for the server ldap.pdnet.net
> openssl genrsa -out keys/ldap.pdnet.net.key 1024
> 
> 9) create certificate data for ldap.pdnet.net
> openssl req -new -key keys/ldap.pdnet.net.key -out 
> csr/ldap.pdnet.net.csr
> 
> 10) sign the ldap.pdnet.net certificate with the CA one
> openssl ca -config ca.conf -out certs/ldap.pdnet.net.txt -infiles 
> csr/ldap.pdnet.net.csr
> 
> 11) extract the ldap.pdnet.net certificate
> perl -n -e 'm/BEGIN CERTIFICATE/ && do {$$seen=1}; $$seen && print;' <
> certs/ldap.pdnet.net.txt > certs/ldap.pdnet.net.pem
Add "-notext" option to "openssl ca" to not write this text info.

> Everything went fine up to here, but when I try to verify my
> certificate I get the following error:
> 
> openssl verify -CAfile certs/ca.pem certs/ldap.pdnet.net.pem
> 
> Result:
> certs/ldap.pdnet.net.pem: /C=DE/ST=Baden-
> Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael
> Patschull/[EMAIL PROTECTED] error 18 at 0 depth
> lookup:self signed certificate
> /C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-
> Service/CN=Michael Patschull/[EMAIL PROTECTED] error 7 at
> 0 depth lookup:certificate signature failure 4495:error:0407006A:rsa
> routines:RSA_padding_check_PKCS1_type_1:block type is not
> 01:rsa_pk1.c:100: 4495:error:04067072:rsa
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:632:
> 4495:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
> lib:a_verify.c:168:
This means that after decrypting the signature of the ldap.pdnet.net.pem
certificate with the public key from ca.pem, instead of an ASN.1
AlgorithmIdentifier structure we have some garbage.
Probably the signature was signed (encrypted with private key) with a
private key not from the CA, or the public key in ca.pem is not from a
compatible CA pair - this should be checked.

Best regards,
-- 
Marek Marcola <[EMAIL PROTECTED]>



Re: Basic OpenSSL Question

2006-09-22 Thread Steve . Pauly

The underlying code includes the following modes:

AES_ecb_encrypt
AES_cbc_encrypt
AES_cfb128_encrypt
AES_cfb1_encrypt
AES_cfb8_encrypt
AES_ofb128_encrypt
AES_ctr128_encrypt

So CTR is in, but CWC and GCM are not.

Steven Pauly
Pitney Bowes GMS




Re: Basic OpenSSL Question

2006-09-22 Thread Richard Conlan

This message 
(http://www.mail-archive.com/openssl-users@openssl.org/msg29864.html)
at least suggests that CTR mode actually is supported? All I can
really find are threads basically saying "Yup, AES is in there" but
without any useful followup. =(

~RMC

On 9/22/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:



 I asked a similar question and got no answer. In fact, my question wasn't
 even posted. (Maybe I am doing something wrong.) Anyway, it appears that
 some modes are available, but the ones I am looking for, CTR, CWC, and GCM
 are not supported. Check out

 http://fp.gladman.plus.com for AES and the aforementioned cipher modes.

 Alan


 -Original Message-
 From: [EMAIL PROTECTED]
 To: openssl-users@openssl.org
 Sent: Fri, 22 Sep 2006 1:20 PM
 Subject: Basic OpenSSL Question



 I am considering OpenSSL for a project and needed some quick info.

 Does the OpenSSL crypto library support AES? Which modes? From the
 on-line documentation on the website this does not appear to be the
 case (http://www.openssl.org/docs/crypto/crypto.html), but of course
 typing "openssl ciphers" returns results including various forms of
 AES. But I wasn't sure if this reflected support in the library itself
 when not used for SSL/TLS. If the OpenSSL crypto library does not
 support AES, any suggestions for similarly licensed libraries that do?

 Can anybody provide a pointer to example code, etc., on using the
 OpenSSL crypto library? good books on the subject?

 Regards,

 Richard M. Conlan


Verify of generated certificate fails

2006-09-22 Thread Michael Patschull
Hello out there,

I plan to use TLS for the communication between LDAP and Samba
on an OpenSuSE 10.1 Linux box with kernel 2.6.16.21-0.21-default
and OpenSSL 0.9.8a.

Like described in the Linux Samba-OpenLDAP Howto from IDEALX.com
I performed the following steps to create a certificate for my
server:

Basedirectory /etc/openldap

1) create directory structure
mkdir certs csr data keys private data/ca.db.certs
ln -s data datas

2) touch private/ca.key data/ca.db.serial
cp /dev/null data/ca.db.index

3) Generate pseudo-random bytes
openssl rand 1024 > data/random-bits

4) create the key for the CA
openssl genrsa -des3 -out private/ca.key 1024 -rand data/random-bits
chmod 600 private/ca.key

5) Self-sign the root CA
openssl req -new -x509 -days 3650 -key private/ca.key -out certs/ca.pem

6) create a configuration ca.conf file for the CA containing:

[ ca ]
default_ca             = default_CA

[ default_CA ]
dir                    = .                    # Where everything is kept
certs                  = ./certs              # Where the issued certs
new_certs_dir          = ./data/ca.db.certs   # Where the issued crl are
database               = ./data/ca.db.index   # database index file
serial                 = ./data/ca.db.serial  # The current serial number
RANDFILE               = ./data/random-bits   # private random number file
certificate            = ./certs/ca.pem       # The CA certificate
private_key            = ./private/ca.key     # The private key
default_days           = 730
default_crl_days       = 30
default_md             = md5
preserve               = no
x509_extensions        = server_cert
policy                 = policy_anything

[ policy_anything ]
countryName            = optional
stateOrProvinceName    = optional
localityName           = optional
organizationName       = optional
organizationalUnitName = optional
commonName             = supplied
emailAddress           = optional

[ server_cert ]
#subjectKeyIdentifier  = hash
authorityKeyIdentifier = keyid:always
extendedKeyUsage       = serverAuth,clientAuth,msSGC,nsSGC
basicConstraints       = critical,CA:false


7) initialize the serial database
echo '01' > data/ca.db.serial

8) create the server key and certificate for ldap.pdnet.net server
create the key for the server ldap.pdnet.net
openssl genrsa -out keys/ldap.pdnet.net.key 1024

9) create certificate data for ldap.pdnet.net
openssl req -new -key keys/ldap.pdnet.net.key -out csr/ldap.pdnet.net.csr

10) sign the ldap.pdnet.net certificate with the CA one
openssl ca -config ca.conf -out certs/ldap.pdnet.net.txt -infiles csr/ldap.pdnet.net.csr

11) extract the ldap.pdnet.net certificate
perl -n -e 'm/BEGIN CERTIFICATE/ && do {$$seen=1}; $$seen && print;' < certs/ldap.pdnet.net.txt > certs/ldap.pdnet.net.pem

Everything went fine up to here, but when I try to verify my
certificate I get the following error:

openssl verify -CAfile certs/ca.pem certs/ldap.pdnet.net.pem

Result:
certs/ldap.pdnet.net.pem: /C=DE/ST=Baden-
Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-Service/CN=Michael
Patschull/[EMAIL PROTECTED] error 18 at 0 depth
lookup:self signed certificate
/C=DE/ST=Baden-Wuerttemberg/L=Stuttgart/O=Patschull-Design/OU=IT-
Service/CN=Michael Patschull/[EMAIL PROTECTED] error 7 at
0 depth lookup:certificate signature failure 4495:error:0407006A:rsa
routines:RSA_padding_check_PKCS1_type_1:block type is not
01:rsa_pk1.c:100: 4495:error:04067072:rsa
routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:632:
4495:error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP
lib:a_verify.c:168:

It would be great if someone can tell me what I have to do differently.
Are the certificates maybe expected in a special directory (e.g. /etc/ssl)?
I already googled for the error and even found a mail for 
RSA_EAY_PUBLIC_DECRYPT in this list, but to be honest - I did not understand 
how it could help me. 
I guess the answer to my problem will be very simple, but I am not a 
security/ssl specialist - I just have to use it for a simple certificate to get 
our Samba/LDAP server going!

Thanks for your help!

Regards,
Michael




Basic OpenSSL Question

2006-09-22 Thread Richard Conlan

I am considering OpenSSL for a project and needed some quick info.

Does the OpenSSL crypto library support AES? Which modes? From the
on-line documentation on the website this does not appear to be the
case (http://www.openssl.org/docs/crypto/crypto.html), but of course
typing "openssl ciphers" returns results including various forms of
AES. But I wasn't sure if this reflected support in the library itself
when not used for SSL/TLS. If the OpenSSL crypto library does not
support AES, any suggestions for similarly licensed libraries that do?

Can anybody provide a pointer to example code, etc., on using the
OpenSSL crypto library? good books on the subject?

Regards,

Richard M. Conlan


Newbie Needs Help!!!

2006-09-22 Thread Dan O'Reilly
Trying to use OpenSSL 0.9.8 on a VMS system.  Specifically, I'm having 
problems using OpenSSL underneath OpenLDAP to talk to another non-OpenLDAP 
system and can't get THAT to work.  It's been suggested that I use OPENSSL 
S_CLIENT to ensure my basic certificates are correct.


My CA is another system (Windows) and I requested it to create the trusted 
root certificate in PKCS7 format, which I copied to my VMS system.  I can 
use OPENSSL PKCS7 to view the package contents, and it contains a single 
certificate.  I then tried to do an OPENSSL VERIFY on that package, and it 
keeps coming up with "NO START LINE" and "EXPECTING: TRUSTED CERTIFICATE" 
errors.  Finally, I tried "openssl s_clienit -connect :636 
-certfore der -CAfile 

and it comes up with the following:

CONNECTED(0003)
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /CN=adtest.altdomain2000.psccos.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=adtest.altdomain2000.psccos.com
   i:/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
---
Server certificate
subject=/CN=adtest.altdomain2000.psccos.com
issuer=/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
---
Acceptable client certificate CA names
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Freemail CA/[EMAIL PROTECTED]
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Premium CA/[EMAIL PROTECTED]
/C=US/O=First Data Digital Certificates Inc./CN=First Data Digital Certificates Inc. Certification Authority
/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services Division/CN=Thawte Personal Basic CA/[EMAIL PROTECTED]
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use only/OU=VeriSign Trust Network
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/OU=Copyright (c) 1997 Microsoft Corp./OU=Microsoft Corporation/CN=Microsoft Root Authority
/C=US/ST=CO/L=Colorado Springs/O=Process Software/CN=homeca
/C=US/O=VeriSign, Inc./OU=Class 2

Re: Any API available to get the CRL's next update time in seconds?

2006-09-22 Thread Dr. Stephen Henson
On Fri, Sep 22, 2006, [EMAIL PROTECTED] wrote:

> 
> Hi Team,
> 
> How do I get the next update time of CRL in no. of seconds?
> 
> The API of X509_CRL_get_nextUpdate(crl) returning value in different
> format(ASN1_TIME). How do I convert that API's return value in to
> "seconds"? My aim is to obtain the next CRL update time in seconds.  How
> to achieve that?

In general this isn't possible because ASN1_TIME can represent a wider range
of times than the (normally 32 bit) time_t.

There was a function which attempted to do this in crypto/asn1/a_utctm.c but
that's now commented out for the reasons given. If you have timegm on your
system you could try adapting that. 

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
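
An added example, not part of the original thread or of OpenSSL: a self-contained conversion of the two time encodings RFC 5280 allows in a CRL into 64-bit seconds since the epoch, which sidesteps both the 32-bit time_t range and the timegm dependency mentioned in the reply above. It assumes the caller passes the bytes and length of the ASN1_TIME returned by X509_CRL_get_nextUpdate(crl) (the data and length fields of the structure in 0.9.8); the function names and the sentinel are this example's own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

#define ASN1_TIME_INVALID INT64_MIN   /* error sentinel, this example's own name */

/* Days between 1970-01-01 and y-m-d (proleptic Gregorian); no time_t involved. */
static int64_t days_from_civil(int64_t y, int m, int d)
{
    int64_t era, yoe, doy, doe;
    y -= (m <= 2);                        /* count the year from 1 March */
    era = (y >= 0 ? y : y - 399) / 400;
    yoe = y - era * 400;
    doy = (153 * (m > 2 ? m - 3 : m + 9) + 2) / 5 + d - 1;
    doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

static int two(const unsigned char *p) { return (p[0] - '0') * 10 + (p[1] - '0'); }

/* Accepts only the RFC 5280 forms: UTCTime "YYMMDDHHMMSSZ" (13 bytes) and
 * GeneralizedTime "YYYYMMDDHHMMSSZ" (15 bytes). Other ASN.1 variants
 * (no seconds, +hhmm offsets, fractions) are rejected, not guessed at. */
int64_t asn1_time_to_epoch(const unsigned char *s, size_t len)
{
    static const int mdays[] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
    int64_t year;
    int mon, day, hh, mm, ss;
    size_t i;

    if (s == NULL || (len != 13 && len != 15) || s[len - 1] != 'Z')
        return ASN1_TIME_INVALID;
    for (i = 0; i + 1 < len; i++)
        if (!isdigit(s[i]))
            return ASN1_TIME_INVALID;
    if (len == 13) {                      /* UTCTime: YY < 50 means 20YY */
        year = two(s);
        year += (year < 50) ? 2000 : 1900;
        s += 2;
    } else {
        year = two(s) * 100 + two(s + 2);
        s += 4;
    }
    mon = two(s); day = two(s + 2);
    hh = two(s + 4); mm = two(s + 6); ss = two(s + 8);
    if (mon < 1 || mon > 12 || day < 1 || day > mdays[mon - 1] ||
        hh > 23 || mm > 59 || ss > 59)
        return ASN1_TIME_INVALID;
    if (mon == 2 && day == 29 && (year % 4 != 0 || (year % 100 == 0 && year % 400 != 0)))
        return ASN1_TIME_INVALID;         /* 29 February in a non-leap year */
    return days_from_civil(year, mon, day) * 86400 + hh * 3600 + mm * 60 + ss;
}

/* Seconds from `now` until nextUpdate; a negative result means the CRL is overdue. */
int64_t seconds_until_next_update(const unsigned char *s, size_t len, int64_t now)
{
    int64_t t = asn1_time_to_epoch(s, len);
    return t == ASN1_TIME_INVALID ? ASN1_TIME_INVALID : t - now;
}
```

Treat an invalid or negative result as "fetch a fresh CRL now" rather than as a usable interval, so a malformed nextUpdate cannot extend the life of a stale CRL.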


Any API available to get the CRL's next update time in seconds?

2006-09-22 Thread surendra.ande



Hi Team,

How do I get the next update time of CRL in no. of seconds?

The API of X509_CRL_get_nextUpdate(crl) returning value in different
format(ASN1_TIME). How do I convert that API's return value in to
"seconds"? My aim is to obtain the next CRL update time in seconds.  How
to achieve that?

I am using the following logic:
==
ASN1_TIME *ctm;
int tm;

ctm = X509_CRL_get_nextUpdate(crl);
tm = X509_cmp_current_time(ctm);
===
X509_cmp_current_time() API returns positive integer. It is of approximately
in no. of hours (the crl will be update after these many no.of hours.) So I am
converting that time in to seconds. Is it right?

Are there any APIs available to get the CRL's next update time in seconds?

Could somebody throw some light on the same?

With best regards,
-Surendra

