openssl usage questions
Hello, I'm new to the OpenSSL community. Please help to clarify my following questions. 1) Can OpneSSL be used for IPsec certificate? 2) Does OpenSSL provide APIs to support the Cut-and-Paste certificate enrollment for the IPsec certificate with the non-OpenSSL CAs/PKIs, e.g. VeriSign PKI & MicroSoft CA)? If so, what are the APIs, how is it done, & are there examples? 3) Does OpenSSL provide command line interface to support the Cut-and-Paste certificate enrollment for the IPsec certificate with the non-OpenSSL CAs/PKIs, e.g. VeriSign PKI & MicroSoft CA)? If so, what are the commands, how is it done, & are there examples? 4) In general, how is the root CA certificate retrieved & in what format? Also, how is it used in the Cut-and-Paste certificate enrollment process? Which specific APIs and commands are used to validate an enrolled certificate with the root CA (certificate issuer's) certificate? Thank you in advance for answering the above questions! Jinn__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Re: openssl usage questions
Here are answer's to some of your questions: 1. OpenSsl supports the X509 v3 certificate format which is used by IPSEC. So certificates generated by OpenSsl can be used for IPSEC. 2. OpenSsl has support for cut and paste mechanism (you mean PKCS10/PKCS7!). Look at apps/req.c (generation of PKCS10 or CSR) and apps/pkcs7.c. The CSR generated using OpenSsl can be used with most of the CA (I have tested with Verisign, SSH, Thawte). Regards, Prashant. Jinn Su <[EMAIL PROTECTED]> wrote: Hello, I'm new to the OpenSSL community. Please help to clarify my following questions. 1) Can OpneSSL be used for IPsec certificate? 2) Does OpenSSL provide APIs to support the Cut-and-Paste certificate enrollment for the IPsec certificate with the non-OpenSSL CAs/PKIs, e.g. VeriSign PKI & MicroSoft CA)? If so, what are the APIs, how is it done, & are there examples? 3) Does OpenSSL provide command line interface to support the Cut-and-Paste certificate enrollment for the IPsec certificate with the non-OpenSSL CAs/PKIs, e.g. VeriSign PKI & MicroSoft CA)? If so, what are the commands, how is it done, & are there examples? 4) In general, how is the root CA certificate retrieved & in what format? Also, how is it used in the Cut-and-Paste certificate enrollment process? Which specific APIs and commands are used to validate an enrolled certificate with the root CA (certificate issuer's) certificate? Thank you in advance for answering the above questions! Jinn __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
RE: openssl usage questions
Greetings, I am bit new to this. So if someone can help, I will be grateful. I downloaded because OpenSSL because I am trying to get define a htttp port on Tomcat. To do so I seem to need a keystore file. Searching on keystore led me to OpenSSL. Following some instructions I found, I can generate a .key file ok. But, I blow up trying to generate the CSR. I make it through the prompts and then get the following error messages: 1764:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=req_attributes name=unstructuredName_min1764:error:0E06D06C:configuration file routines:NCONF_get_string:no value:.\crypto\conf\conf_lib.c:329:group=req_attributes name=unstructuredName_max1764:error:04075070:rsa routines:RSA_sign:digest too big for rsa key:.\crypto\rsa\rsa_sign.c:118:1764:error:0D080006:asn1 encoding routines:ASN1_sign:EVP lib:.\crypto\asn1\a_sign.c:275: Thanks for any help. -SP
