RE: ISO 15782-2
RFC2459 was obsoleted by RFC3280 - so just read this one. Regards, Jochen. This is a general problem with the ISO documentation. The IETF response was to generate a profile of X.509 for use in the Internet; this document was also designed to give readers enough information to skip reading the ISO document itself. Suggest you read this document: Internet X.509 Public Key Infrastructure Certificate and CRL Profile This is Internet RFC 2459 and Chapter 6 is all about Certificate Path Validation There is reference to ISO 15782-2 standard in the X.509 and X9.68 documentation. This standard describes certificate verification process. I try to find this document, but meet only payd links. The price of 122 CHF is so expencive. Can anybody help me with this document? -- Charles B. (Ben) Cranston mailto:zben;umd.edu http://www.wam.umd.edu/~zben __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: Install Problems with OpenSSL 0.9.6d and Apache 1.3.26
Probably a problem in your httpd.conf. If you like you can send me your httpd.conf - I'll try to fix it. Bye, Jochen. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Joseph Botto Sent: Thursday, July 11, 2002 2:57 AM To: [EMAIL PROTECTED] Cc: Graham Subject: Install Problems with OpenSSL 0.9.6d and Apache 1.3.26 Hello all. I'm new to all of this stuff, and am desparately in need of some help. Here's the deal: I'm installing Apache 1.3.26, OpenSSL 0.9.6d, PHP 4.2.1, MySQL 3.23, mod_ssl 2.8.10, etc on a Red Hat v7.2 box. Now, everything installs and compiles properly (without errors), yet SSL is not working. When I do an nmap localhost, it says that Apache is listening on 80 and 443. But, trying to go to https://servername gives a Cannot Find Server. Also, Apache doesn't write anything to the error_log or access_log about those attempted accesses, nor does anything show up in the ssl_engine logs. A list of all the commands I executed are here: http://iras.reserv.usf.edu/dox.txt Can someone help? =) -Joe [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
req -set_serial doesn't work
Hello, I try to create a self-signed root certificate with openssl req -new -x509 -days 9131 -key CAkey.pem -out CAcert.pem . OK - works. But the serial number is 0. Then I try to set the serial number. I found no way to do it in openssl.cnf. The documentation mentions an option for req: -set_serial n serial number to use when outputting a self signed certificate. But it doesn't work - when I use this option I always get only the usage message. I used openssl req -new -x509 -days 9131 -key CAkey.pem -out CAcert.pem -set_serial 1 and tried also -serial, -setserial etc.. Is this not yet implemented? Is there any way to set the serial number of self-signed certificates to another value than 0 ? Best regards, Jochen Keutel. --- Dr. Jochen Keutel Wusterhausener Str. 8 D-15732 Eichwalde Germany phone +49 30 678 19189 mobile +49 177 6572720 e-mail [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: req -set_serial doesn't work
Hello, set_serial is in OpenSSL 0.9.7 only. thanks. I'm using 0.9.6d. I've been confused because the documentation on http://www.openssl.org/ showed this flag - and I didn't know that also features of coming versions (0.9.7 is still Beta ...) are shown. I should have read the changelog (http://www.openssl.org/news/changelog.html) before ... There is clearly stated that this comes new with 0.9.7. Thanks again, Jochen. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
