Hi Martin,
in the interest of trying to push the IETF to work on the standards,
could you post to the p...@ietf.org WG ? (very low volume mailing list -
mailman interface is https://www.ietf.org/mailman/listinfo/pkix)
Cheers,
Max
On 7/30/14, 6:16 AM, Martin Hecht wrote:
Hi all,
especially
Hi All,
As many of us have probably had to deal with some pain points when
developing and/or using applications together with X509 PKIs. I hope
that the projects we promote (i.e., OpenCA PKI, OpenCA OCSPD, and
LibPKI) have been helpful in providing useful solution. However, issues
still exist
Original Message
Subject:Cisco SCEP configuration
Date: Tue, 08 Jul 2014 13:36:06 -0400
From: Jon Leonard
To: supp...@openca.org
Hi there,
I'm trying to set up OpenCA 1.5.0 as the CA for my ASA's VPN certs and
I'm having a bit of trouble. No useful debuggin
at the backup and restore logic that created the rowids
in the first place. Something is not right there...
Dave
----
* From: *Massimiliano Pala [direc...@openca.org]
* Sent: *07/22/2014 04:24 PM AST
* To:
Dave,
(to be more precise) the DBI.pm module should be located in:
/lib/openca/perl_modules/perl5/OpenCA/DBI.pm
Cheers,
Max
On 7/22/14, 4:21 PM, Massimiliano Pala wrote:
Hi Dave,
Small update - I checked the code for 1.5. It seems that (for the
search only) the order is specified as
ht be that
the behavior between the two different versions changed, but this
proposed fix should probably work since it is the same DBMS. Let me know
if it does or does not.
On 7/22/14, 4:04 PM, Massimiliano Pala wrote:
Hi Dave,
as far as I remember the ORDER BY is done on the rowid of the tab
Hi Dave,
as far as I remember the ORDER BY is done on the rowid of the tables. I
would have to check the repository for changes in that area, but I do
not think we changed it from 1.0.2 (but I have not verified that). The
ASCENDING is not specified in the query.. so this takes me to the next
Hi Dave,
can you be more specific as to what sorting issues are you facing ?
Cheers,
Max
On 7/22/14, 1:37 PM, David Blaine wrote:
> Has anyone seen sort order problems after migrating?
>
> Dave
>
>
> --
> Want fast and e
p://p.sf.net/sfu/learndevnow-dev2
___
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
smime.p7s
Descriptio
#x27;,
'./openca_stop.template', './openca_stop')
I tried to use openca-base-1.1.0 since with openca-base-1.1.1 I had some
compilation issues. This time everything went fine with compilation and
installation but when I try to generate the configuration files I face the
same pro
late.
Why do I get this fault? Is this a bug?? Could someone help me with this a
bit??
Thanks very much in advance.
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
smime.p7s
Description: S/MIME
wrote:
Hi List,
I have a need to generate a web server cert that has a lot of CN's (about 50).
This
exceeds the command line length so openssl errors out during the request phase.
Can anyone
point me on how I can address this issue?
Dave
--
http://member.acm.org/~openca/
Massimiliano
; much more. Register early& save!
http://p.sf.net/sfu/rim-blackberry-1
___
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
http://member.acm.org/~openca/
Massimi
ix:
How To Retrieve the Top-Level IWebBrowser2 Interface from an ActiveX Control
http://support.microsoft.com/kb/q257717/
..."
Tom
Massimiliano Pala-3 wrote:
Hello Guys,
is there any news about this ? I have not been able to follow up on this
part since a lot of efforts are being pu
acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
smime.p7s
Description: S/MIME Cryptographic Signature
--
10 Tips for Better Web Security
Learn 10 ways to better secure your busines
tificate Revocation Request form.
>
> I'm using an older Firefox 2.0 installation now to access these functions.
>
> Does anyone else have the same problem? Is this a known issue?
>
>
> Geert
>
>
>
> PS: the OpenCA web interface does not work *at all*
ore. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
___
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
http://member.acm.o
://tsa.example.com
Cheers,
Max
On 07/07/2011 11:39 AM, Safe wrote:
On 07/07/2011 07:45 PM, Massimiliano Pala wrote:
Hi,
we currently do not have a timeStamping service provided with OpenCA,
however, you could tweek an OCSP client in order to achieve the same
but that requires some work which we
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
smime.p7s
Description: S/MIME Cryptographic Signature
--
All of the data generated in your IT infrastructure is seriously
a setup using OCSP with SHA-256, although planned in
> the future. If you have a test setup deployed let me know in private,
> maybe I could open a bug in Cisco to solve this there. Although a
> workaround should be needed.
>
> Regards,
> Carlos Vel
78: CRYPTO_PKI: Certificate not validated
> Jun 15 07:00:31.278: %CRYPTO-5-IKMP_INVAL_CERT: Certificate received from
> 10.1.2.3 is bad: certificate invalid
>
> My second question: do you know what "Certificate not validated" says to me?
> Do I use th
Erwin
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
--
EditLive Enterprise is the world's most technically advanced content
authoring tool. Experience the power of
t;
>
> *Re: OpenCA support*Link
>
>
>
> *Arijit Bose *to: Massimiliano Pala
> 06/08/2011 10:41 AM
>
>
> Phone: +918042069950 , Mobile: +919739493321
>
>
>
>
> -
the needed
info from our existing certificates and populate the database and the
filesystem with that information). Before I proceed, is there some
documentation I am missing?
Best regards,
Pablo
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, N
now: Can openca-scep do that job?
Neither at google nor anywhere else I found a documentation on how to use
openca-scep for that job.
Is there any documentation about this out there?
Thanks ind advance
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Prof
t requires full CMP
support ?
Cheers,
max
--
http://member.acm.org/~openca/
Massimiliano Pala, Ph.D.
Director, OpenCA Labs
Professor, NYU Poly
smime.p7s
Description: S/MIME Cryptographic Signature
--
What Every C/C++ a
t using ipvs (IP Virtual Server) with two OpenCA
> balanced nodes and a central MySQL in cluster for backend.
>
> Anyone has experience with a similar setup or another setup for high
> availablity?
>
> Regards,
> Carlos Velasco
--
http://member.acm.org/~openca/
Massimiliano P
/IE7
(where it works) with later versions.
Vista SP1 (SP1 is required to run IE8) does not work and throws the same
error as Win 7.
There is no difference between 32 and 64-bit versions.
Tom
--
Best Regards,
Massimiliano Pala
--o
Hi Abhay,
I would advise not to use that LiveCD. It is outdated. My suggestion is to
start from the sources of openca-tools and openca-base.
Cheers,
Max
On 03/09/2011 12:18 PM, Abhay Bakshi (AEGIS.net) wrote:
Hi Max,
Thank you for a detailed reply. We will use your e-mail as a lead.
In the
Hi Frank,
this is actually a design feature. We think that automatically deleting the
CA key from the Web interface is *extremely* risky. So, in case you need to
do it, you have to actively go into the private key's directory and manually
remove it.
It might be easier to allow that from the CA w
Hi,
check the token.xml file - and make sure that the openssl command is correctly
configured there. Also check that the other directories there exist. Last but
not least - have you installed the openca-tools package before installing the
openca-base ? If so, try to execute the command 'openca-sv
Hi Abhay,
for the tools they are all named openca-* so it should be easy to
uninstall them. Usually the default prefix is /usr, so you will find
them in /usr/bin.
For uninstalling OpenCA, it is a little trickier... have you installed
it from source files or from a binary distro ? If the first, a
; 275.
> BEGIN failed--compilation aborted at
> /opt/install/openca-base/lib/openca/functions/initServer line 44, line
> 275.
> Compilation failed in require at
> /opt/install/openca-base/etc/openca/openca_start line
> 65, line 275.
>
Hi Frank,
please apply the patches that are available on the wiki - those should solve
the issue (got to www.openca.org -> WiKi).
Cheers,
Max
On 02/22/2011 07:03 AM, Frank, Petric (Petric) wrote:
Hello,
Installed openca-tools (v. 1.3.0) and openca-base (v. 1.1.1) on Gentoo-Linux
host. Perl
aster, so if someone could give me a hint to fix this.
## OpenCA - Command
## (c) 1998-2001 by Massimiliano Pala and OpenCA Group
## (c) Copyright 2002-2004 The OpenCA Project
##
## File Name: pkcs10_req
## Brief: pkcs10 request handling
## Description: pkcs10 requests will be ha
evfeb
___
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o
Massimiliano Pala [O
ntel-dev2devfeb
___
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o---
Tasks:
==
Massimiliano Pala is currently working on:
o Enhancing support for ECDSA;;
o Debugging;
Open Issues:
o
Wishes:
===
o
References:
===
The OpenCA Project main website can be found at
http://www.openc
oad config)
o Extended ECDSA support (configuration option) and fixed
ECDSA get Algorithm by Name (now working with ECDSA-SHA1,
ECDSA-SHA256,...)
o New library versioning
Current Project developers' Tasks:
==
Massimili
Hi Riger,
Safari is supported. I just tested it (on Mac) and it works fine with the
browser request (v1.1.1). Probably the issue is with Safari on Win which
has some issues with accessing the crypto stack.
For Chrome, i tested it on Mac too, and it works fine. On Windows, only
server-side key ge
Hi all,
are you thinking about auto-revoking approved requests or just auto-revoking
any type of requests ? The second type is too dangerous and will never be
implemented - since the request has not been validated a malicious user can
try to have someone else's cert revoked.
However, if approval
I don't think it would be a problem, but it might be an issue if the
libs versions are different between the two systems.
I would suggest you to download the source code. It is fairly straightforward
to install it from sources, just do the following:
$ ./configure --prefix=/opt/openca-1.1.1
Tasks:
==
Massimiliano Pala is currently working on:
o Multiple certificate/keys usage for different CA
o LibPKI v0.6.0 support
o Harware support (PKCS#11, OpenSSL Engine)
o Support for POST and GET HTTP methods
o Support for EC key/certificates (if supported by
installed Op
Hello,
I suggest you to wait until the v2.0.0 will be released (very soon). Then
download the package and follow the instructions in the INSTALL/README
files.
If you have specific issues, please, write to the OCSPD mailing list (you
have to subscribe).
Cheers,
Max
On 11/03/2010 10:21 AM, mahm
hen trying to start openca via init.d I get the next error:
Starting OpenCA ... Bareword "ERR_USER_UNKNOWN" not allowed while "strict subs" in
use at /opt/openca/lib/openca/perl_modules/perl5/OpenCA/User.pm line 358, line 275.
Did I miss an installation step?
--
Best Regar
e tools like OpenSSL to extract
the private key from the .p12 file (PKCS12).
later,
Max
On 09/27/2010 01:48 PM, Kouame Robin wrote:
Morning Dear professor MASSIMILIANO Pala
I succed to install OpenCA ten ten on CentOS 5.3 with Firefox browser.
I'm now performing it, but I don't know
username/password auth in URL interface
Current Project developers' Tasks:
==
Massimiliano Pala is currently working on:
- Continuing Integration of TPM for Key operations/management;
- Enhancing support for PKCS#11 devices (DSA and
ormat.
This functionality previously existed in the old OpenCA 0.9.x build.
Help?
--
Best Regards,
Massimiliano Pala
--o
Massimiliano Pala [OpenCA Project Manager] ope...@ac
Hello Konrad,
As Dave said, it is best practice not to re-use keypairs for different
purposes. Also, it might be difficult to manage revokation.
For example, if a key is compromised, then all the certificates issued
with the corresponding public key have to be revoked. This could be
difficult to
lex Weirig
Ville de Luxembourg - Centre Technolink
2, rue Charles de Tornaco
L - 2623 LUXEMBOURG
alex.wei...@technolink.lu <mailto:alex.wei...@technolink.lu>
Tel: +352 4796 - 6127
Fax: +352 42 888 81
www.technolink.lu <http://www.technolink.lu>
On 01/09/10 16:27, Massimiliano Pala wro
the required
modules so that you can bundle them.
I would greatly appreciate any support you could provide helping us
getting OpenCA run on Mac OS X Server.
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano
automatic configuration of the repos,
links available on the OpenCA's website)
Please, post your questions/issues/requests regarding the OCSP responder
to the new mailing list.
Best Regards,
Massimiliano Pala, Ph.D.
Director - OpenCA Labs
smime.p7s
Description: S/MIME Cryptogr
t..") or
suggestions (e.g., "The link to AbC should be moved here..", "You should
add a new link to DeFgh..").
Best Regards,
Massimiliano Pala
OpenCA Labs
Massimiliano
The email address here:
8<---
documentation
* pki-
I preferred the old layout..") or
suggestions (e.g., "The link to AbC should be moved here..", "You should
add a new link to DeFgh..").
Best Regards,
Massimiliano Pala
OpenCA Labs
smime.p7s
Des
On 08/24/2010 03:30 AM, zaxary wrote:
Hello Max,
Thanks for your response,
I Installed the packages, openca_tools-1.3.0 , Openca-base-1.1.0 and I use
apache2.
And I didn't patch the system!
I would suggest you apply the patches, it is a really simple process and quite
well documented on the
Hi Fred,
the issue has been fixed some time ago - which version of OpenCA are you using ?
It is important that you apply all the patches available for your version. Also,
can you send me the errlog file ?
Later,
Max
On 08/21/2010 06:30 AM, Frederic d'Huart wrote:
Hi Massimiliano,
Regarding t
or openca's config?
can anybody help me to solved the problem?
Regards,
Zaxary
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager]
s own user certificate.
Roger
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
pr
,
Massimiliano Pala
--o
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth Computer Science Dept Home
_
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o
Hello Todd,
no.. the topic has not been covered at all! Actually, you are the first
one that is attempting to use the OCSP with EC certificates. Here's a
list of the things you might want to check:
- The version of OpenSSL you linked the OCSPD against supports ECDSA
- CRL is correctly signed by t
web server problem.
I used Apache-ssl 2 and the problem is solved.
--
Best Regards,
Massimiliano Pala
--o
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
2".
After I compared the two types of certificates, there's only one difference
between them and that's the format of their serial number. So I think if I
can change the format of OpenCA's serial number to decimal, my problem would
be solved.
--
Best
Hi Zaxary,
what do you mean by decimal ? The numbers in the certificates are ASN1_INTEGER
and decimal or hex is just a representation in the User Interface... Am I
missing
your point ?
Later,
Max
On 07/13/2010 07:58 AM, zaxary wrote:
Hi,
Does anyone know who I can change the OpenCA to make
nls]
[*sha1*::4ce46ad3e11ef8b084586f1e56fd127d885318de]
SHA1 of intended download and file wgetted from site is not equal.
What am I doing wrong?
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager]
binaries,
and if the latter, which one ?)
Cheers,
Max
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
proj
d in PREFIX/var/openca/log/stderr.log.
Cheers,
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
Hi Sebasstian,
thanks for pointing that out.. in the new version of the OCSP the problem
is solved as LibPKI provides the function PKI_INTEGER_get_parsed() that
returns a string (which is a safer representation of an ASN1_INTEGER) which
can safely be printed in the logs.
Cheers,
Max
On 06/14/2
Hello Wytze,
responses inline..
On 06/12/2010 05:12 AM, Wytze van der Raay wrote:
Hello Max,
[...]
OK, that sounds promising. But that means you are not doing anymore work
on the 1.5/1.9 branch I presume?
That is correct, from now on we will use LibPKI as it is quite mature
and allows to de
Hello Wytze,
It is definitely a bug.. the 1.9.0 version is not really production ready..
I am finishing some details for the new version of LibPKI which is required
for the OCSPD v2.0 which will support the usage of different tokens to
sign responses.
A solution to your problem would be to have
On 05/25/2010 04:39 AM, Geert Hendrickx wrote:
[...]
Could this be due to the fact that I'm running on a 64-bit system?
This could be.. I have not tested the implementation on a 64-bit.. I guess
you compiled all the openca-tools and the openca-base packages (not using
the binaries), right ?
I
What do you mean by that ? The key is protected with the user pin/passwd
when it is generated on the server and that is needed to download the
bundle as a .p12 file.
It that what you were asking ?
Cheers,
Max
Quoting Regivaldo Gomes Costa :
> Hi,
>
> I have some doubts as to generated certifi
So.. is the problem related to the fact that the CISCO IOS does not recognize
the Content-Type: or more on the CISCO side (so that we have to send
'Content-type'
instead of 'Content-Type') ?
One small note: it seems that the patch you sent is related to the
'Content-Length:'
header instead...
interface.
Is there something wrong with my database? I have initiated it from the CA
webinterface. Or my config? I haven't changed much config apart from some
names, paths, and USE_LOAS=no (and verified tha
Hi Sebastian,
If you do not hear from me by the end of the week, please send me an
email, I might have forgotten to send you the software.
For the revocation status checking.. I have to say that, because of
the difficulties to find timely revocation information, many applications
just allow bad
Hello,
I check the code in the crypto-utils, but line 955 is not consistent
with your reported error. Which version of OpenCA are you using ? It
seems like an error related to loading some XML configuration.. can
you check the error log in PREFIX/var/openca/log/stderr.log ?
Cheers,
Max
On 04/1
of the current(?) ocspd release, if there
only were no signature problem.
Thanks for your thoughts& Cheers,
--
Best Regards,
Massimiliano Pala
--o----
Massimiliano Pala [OpenCA Project Manager]
Hi Sebastian,
I am not sure about which version you have, and, unfortunately, I had
no time to debug the new version we have laying there since the beginning
of this year (bad.. bad.. max!), but I think that the problem could be
related to threads management.
I don't know if, in the version you
Hi Val,
the Notices is a new feature that is not available yet, but it will
be in future versions. Basically, the idea is to provide users with
notices that can be targeted for class of users (roles). For this
to happen, the login/register commands need to be implemented.
At the moment, you shou
/07/2010 05:20 AM, David O'Callaghan wrote:
Hi Max,
On 06/04/10 22:52, Massimiliano Pala wrote:
OpenCA-ers (all of you), what would you prefer ?
- Fast patch (but multiple files involved, etc...)
- New version of OpenCA (released within the next month with the
auto-update feature) ?
Not (yet)
31, 2010, at 6:10 PM, Massimiliano Pala wrote:
One question, does your patch take into account the
differences in types for each DB ? That is, for MySQL and DB2 we can use
a different type for the same column.. does your patch gracefully take
that into account ?
Yes it should work, as it only
Hello Nitin,
OpenCA supports two ways to automatically issue certificates. The first is
to use the AutoCA function that let you issue certificates automatically based
on several criteria (request is singed, approved, role, etc.) and you can
activate it via the web interface. For CRLs there is the
Hi Dave,
my personal opinion is that if a certificate is not used for a long
period of time and there are no other constraints (eg., special
smart cards/usb tokens involved) you have two options:
* Keep it Valid - more compatible option if you want to re-use it
later (if it can not be used to a
Hi Dave,
the problem with using this approach is that most applications do not
recognize the extensions in CRLs properly... therefore once they have
the CRL, they will think the certificate is revoked.. not suspended.
AFAIK, removefromCRL reason code should be used only in DeltaCRLs
prior removi
Hi Hari,
are you able to download the certificates from the public interface
directly (not following the link on the email, but just from the list
of valid certificates) ?
Cheers,
Max
On 03/29/2010 11:04 AM, Hari Kurup wrote:
Hello there,
I installed OpenCA and I am able to generate certific
al
numbers.
One approach would be to explicitly specify the datatypes for all the bind
values. So the typecasting would not happen anymore.
Cheers
Sam
--
Best Regards,
Massimiliano Pala
--o----
Mas
Hi Regivaldo,
definitely that's not good :D What DB are you using ? And what command
did you use to revoke those certificates ?
Cheers,
Max
On 03/30/2010 08:27 AM, Regivaldo Gomes Costa wrote:
Dear Friends,
I made the revocation of two Certificates.
However, they are both listed as valid cert
Hi Claus,
the AC code is a bit of a mess right now. I think it suffered from the
over-engineer complex... I think that the idea about the CERTIFICATE_SERIAL
being < 1 would identify the CA certificate which are treated differently
from the other certificates (because their serial numbers can be n
,
Erwin
--
Best Regards,
Massimiliano Pala
--o
Massimiliano Pala [OpenCA Project Manager] ope...@acm.org
project.mana...@openca.org
Dartmouth
Hi Ben,
it is actually very easy to do that. There are a couple of options here.
First, you have to install the online components ('make install-online')
on one machine and install the offline ones on another ('make install-offline').
Then you have to decide if you want to share the same DB or n
On 03/22/2010 12:53 PM, Ben DJ wrote:
Max,
On Mon, Mar 22, 2010 at 9:43 AM, Massimiliano Pala
wrote:
Hi Ben,
AFAIK is an old option that should be removed :D Unless someone has any
reason to keep and maintain it (I think it is completely ignored at the
moment).
I'm clearly '
Hi Ben,
AFAIK is an old option that should be removed :D Unless someone has any
reason to keep and maintain it (I think it is completely ignored at the
moment).
Cheers,
Max
On 03/22/2010 11:21 AM, Ben DJ wrote:
hi,
what does
--disable-external-modules
do?
whether or not it's included, t
Hi Ben,
answers inline...
On 03/21/2010 10:01 PM, Ben DJ wrote:
If I configure a build of openca-base as,
./configure ... --with-build-dir=$OPENCA_BUILD_DIR
--with-module-prefix=$OPENCA_MODULE_DIR ...
perl modules are installed under,
$OPENCA_BUILD_DIR/OPENCA_MODULE_DIR/perl5
Hi Ben,
for the PERL modules, there are several warnings. First of all, the
Net-SSLeay on CPAN does not support openssl-0.9.9+ / it won't compile.
Secondly, there have been problems in the past to rely on CPAN and
modules already installed on different systems... That's why we
install the modules
Hi Ben,
try this:
./configure --prefix=/usr/local/openca
--with-openca-tools-prefix=/usr/local/openca
Let me know,
Max
On 03/21/2010 06:03 PM, Ben DJ wrote:
./configure --prefix=/usr/local/openca
--with-build-dir=/build/openca_build
--with-openca-tools-prefix=/usr/local/openca/
_
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
--
Best Regards,
Massimiliano Pala
--o
Massimili
I did some fixes... I noticed that if your default language in the node is
set to "C" instead of any other language, then the sent encoding is ISO-8859-1,
and if you have some requests/certificates with utf-8 characters they do not
get displayed correctly.
A suggestion: change your default langua
been translated - which should have not
happened. I attach the patch for that, please let me know if this fixes
the last problem.
Copy the request-utils.lib in the PREFIX/lib/openca/functions/
I am looking in fixing the first two points...
Cheers,
Max
## OpenCA - Request Utils
## (c) 1999-2009 by Ma
Yep,
that's true. I fixed it - since it is not really a bug, I would not put
out a patch for that at the moment - just keep the DN_TYPE_... keywords,
they are not used.
The same issue is present also if you user the DN_TYPE.._ENFORCE_BASE EXIST.
Cheers,
Max
On 03/16/2010 08:15 AM, Andrei Pîrva
It is a known (and already fixed) issue. The fix is posted on the Wiki
at:
Http://www.openca.org/wiki/
Let me know if u still have problems with it.
---
Cheers,
Max
On Mar 16, 2010, at 11:10 AM, "SODATONOU Dodji Comlan Samuel"
wrote:
>
> When i use IE6 or IE8 to generate a certifica
1 - 100 of 592 matches
Mail list logo
