certs. this is found under
openssl/extfiles if i'm right. but there should be some extra
information about that in the documentation already, how to
change/create new roles.
greetings
dalini
---
This SF.net email is sponsored by: Splun
Quoting Martin Bartosch <[EMAIL PROTECTED]>:
Folks,
I've got a last-minute Christmas present for you all!
Indeed.
You will find the current CertNanny release on SourceForge at
http://sourceforge.net/projects/certnanny/
I guess, I will have a look soon.
Thx Martin
Greet
ex/imported so far (identified by their id) - so simply remove all
files in all subdirectories under [openca-installdir]/var/log and the
ca/ra should transmit everything again
greetings
dalini
---
- to make crl optional for basic
testing and enable it later as a second step...
the current scep-implementation also delivers the crl directly through
scep to the devices (if its available at the right place)
greetings
dalini
---
...
another point may be (at least former versions of ios and pix-software)
where special attributes in the SANs of certificates...
greetings
dalini
---
certain places this will give a bit more
detailed information for each program you call with it ;)
but i don't know if it's available at your system
so maybe it's useful to call some commands with this too...
will be more accurate than top i guess - hehe
greetings
dalini
NAME
time -
all it new
to get the latest 0.9.2 series sources you must tell cvs to give u 0.9.2
i think this is done via -r switch
so maybe you should try this and then go to compile it ;)
greetings
dalini
---
webbrowser u
usually should see an error message:
Error 700, General Error. This interface is only for SCEP.
if you add: ?operation=GetCACert you will get the ca-cert in pkcs7
format... like the client would do, this can also be read in the
scep-rfc-drafts
greeti
t the certs if this is missing - so just in case ;)
greetings
dalini
---
for syslog
may help for the moment - to get it running
so is your install problem solved?
greetings
dalini
---
s the fingers on the keyboard of
the person ;)
so it may be possible, that a workflow requests that serveradmins show
up at the pki help desk to confirm their request... and this will work
with that option
available only in 0.9.2 series
greetings
d
subject alternative names are supported
the errors look like a problem with openssl:
OpenSSL fails (256).)..
11232:error:22075075:X509 V3 routines:v2i_GENERAL_NAME:unsupported
option:v3_alt.c:436:name=dns, referer:
Greetings
Dalini
---
working setups with scep
and different hardware!
greetings
dalini
---
- there are quite some postings
to this topic, also from me
greetings
dalini
---
, to look at the right places ;) and give you a faster
and improved feedback... please always try to use our stable releases
Greetings
Dalini
---
changes at ca.c since the patch
has been written... so you have to apply it manually ;)
or ask someone you know, who has some knowledge about c
greetings
dalini
---
.9.8 its
already possible...
it should not break 0.9.7e, since the patch is quite small
and just 'disables' some unique checks imho ;)
greetings
dalini
---
thout once, to see what happens
try a very simple dn - for testing, like cn=test,ou=plahh,c=es
if this doesn't work too, then it may be a problem of the dn:500 perl
module, you are using
greetings
dalini
---
dalini wrote:
you can change this behavior through the configfiles in .../etc/
where it is set to o,c - to the dc style for example
this is also described in our documentation for example here:
http://www2.openca.info/docs/guide/openca-guide.html#id2808788
so read the fine manual please, thx
submitted similar report but got no reply:
http://sourceforge.net/mailarchive/forum.php?thread_id=5891510&forum_id=2291
:-(
the maintainer for ocsp is quite busy at the moment - so there is not
such a good support for this target at the moment, instead of openca itself
gr
this behavior through the configfiles in .../etc/
where it is set to o,c - to the dc style for example
this is also described in our documentation for example here:
http://www2.openca.info/docs/guide/openca-guide.html#id2808788
so read the fine manual please, thx ;)
greetings
d
Obes, Til wrote:
At the state as openca is at the moment, changing the texts is not
practical.
anyhow, maybe we should move this discussion to the dev list?
greetings
dalini
---
ut this change is minimal and everything is ready to behave correct
actually
we just need the english 'translation' ;)
greetings
dalini
---
rd text in english without
fixing the key-texts ;)
greetings
dalini
---
Cvs from 28.10. was it i think.
so still a problem - hmm
greetings
dalini
---
you may have a look into - for changes and so on:
.../etc/access_control/*.conf.template
(it is mentioned there, also how to setup possible other options
like certificates or even external access_controls)
rerun configure_etc.sh script after changes
greetings
dalini
enCA. What am I missing?
no, this can't be, i had this running with uid too already some time ago
did you change this on the ra and ca?
greetings
dalini
---
get only synced once per
day on sf.net ;(
so michael checked in the bugfixes, but most probably they are not
available at the public cvs right now, but should be tomorrow
greetings
dalini
---
't finished right now...
greetings
dalini
---
your changes on the ra side if you export all
from ca and import all at ra..
greetings
dalini
---
ir is servergenerated and the key is backed up or still
available, then you can reinstall the certs and the keypair again of
course ;) without revoking and requesting a new one
greetings
dalini
---
Konstantin Khrooschev wrote:
dalini wrote:
Konstantin Khrooschev wrote:
Oct 22 15:56:46.149 MSD: CRYPTO_PKI: status = 100: certificate is
granted
Oct 22 15:56:53.232 MSD: crypto_certc_pkcs7_extract_certs failed (1795):
Oct 22 15:56:53.232 MSD: crypto_certc_pkcs7_extract_certs failed
after
sting-system, and there i could also issue
some testing certs which should work with cisco if requests get send
to it, or just artificial certs, so you can look, how they should look
like
greetings
dalini
---
f the scep interface but for the clients its an ra) and
one pending request before a enrollment gets started...
how do you setup the ca at the router as ca or as ra?
greetings
dalini
---
viewCert
and lists)
yeah - cool, i just thought if i have time i should fix this, since i
also stepped over it...
looks good, i think i will put it into cvs
just will check it before...
greetings
dalini
---
ve a problem to
handle such a situation
greetings
dalini
---
better and faster feedback...
so would be nice if it could get used for new
support-requests
Greetings
Dalini
---
Dalini
---
dalini wrote:
so one may call this a debian problem, but actually it is an openssl
problem and specially of their release-policy for stable releases...
maybe i will write an e-mail and talk about security in terms of broken
protocol implementations which will crash protocols and it will be a
p a broken openssl instead of openssl
themself ;)
greetings
dalini
---
their release-policy for stable releases...
greetings
dalini
---
0.9.2RC6 is working
with sscep - see the thread: [Openca-Users] 0.9.2RC6 SCEP decoding
greetings
dalini
---
f you put the pwd in config.xml
or leave the key unencrypted and only accessible through
the openca scripts means the apache-user)
greetings
dalini
---
cc version 2.95.3 20010125 (prerelease, propolice)
^^
thats 'the problem' - it should compile with a newer gcc
i haven't checked out what is the exact problem with 2.95 and
apps.c but a newer gcc works with the code
greetings
dalini
---
Michael Bell wrote:
I fixed this in CVS. So next snapshots and 0.9.2.0 will include the
correct content type. The interesting question is why do the cisco boxes
work with a wrong content type?
its not only cisco working with it...
reason may be that they just check the most right value
but actual
front or some other countermeasure ;o)
greetings
dalini
---
we had something already which would make the
trick ;o)
greetings
dalini
---
rsa-keys... as i'm right, the 'client' certs should be also not exceed
2048 bit ,o)
dalini
---
segfault
greetings
dalini
---
attribute in DN ?
yes, this should work fine, actually
2) how can I configure OpenCA to work with "uid" attribute in DN and
export this certs to LDAP?
you just have to adopt the ldap setting, if i don't miss something ,o)
greetings
dalini
the issued certificate and sscep doesn't like
this...
so the test is actually ok ,o)
greetings
dalini
---
, as far this
is my current experience with cisco and sscep, so it works but it needs
a second request, i will fix this later, since its not a huge problem)
greetings
dalini
---
dalini
---
Konstantin Khrooschev wrote:
Ives Steglich wrote:
Ives Steglich wrote:
- sscep with attached configuration
can be found here:
http://lab.x-dense.org/openca/test.conf
greetings
dalini
sorry for wasting of time, other projects require my attention :-(
now tried test scep server, you published at
rewrite it, u just had to change the manual maybe)
yeah thats not very clean, but it may solve your problem for the
moment...
greetings
dalini
---
e a public testing installation found at:
http://lab.x-dense.org/openca
greetings
dalini
---
Oliver Welter wrote:
Hi Johnny,
look at your config.xml (openca/etc/)
section "database config"
First Item "dbmodule" must be "DBI" - I think you have DB here and so
OpenCA uses a flatfile as database
he uses 0.9.1.8 ;o) -
are appropriate container files which can provide the
requested functionality ;o)
so checkout: openssl p12 and openssl pkcs7 commands...
usually there is already a makefile in the chain dir... which realizes the
ca-cert hierarchy stuff, if i have this right in mind...
greetings
dalini
@Til: Same problem occurs with "your" pub-interface (RC4)
and the dalini-Interface 0.9.1.8 (?)
what is the dalini-interface 0.9.1.8? ;o)
greetings
dalini
---
Michael Konietzka wrote:
Does anyone see some mantraps or failures in this workflow
before I start configuring and coding.
i think its a good idea, and therefore i have put it to the dev list ;o)
(forwarded)
greetings
dalini
---
nterface too, since there is
only export to lower - which includes all lower nodes...
but i don't have time for such things at the moment... sorry
first the verification problems have to be solved
greetings
dalini
---
Chris Covell wrote:
Dalini,
On Tuesday 29 June 2004 17:48, dalini wrote:
Any ideas ?
yes, but no good news... i just try to trace down this problem
this is related to all browserbased signing at the moment is broken
somehow...
thanks for this ! I shall have a look too, (but don't hold your b
: RFC 3280 for up to date information... since 2459 is from 1999 or
something
greetings
dalini
---
based problems
should be gone...
i'm a bit short on time at the moment, but i'll do my best
to get this back working asap
the signing csr and crr stuff should work again too then...
greetings
dalini
---
Michael Konietzka wrote:
So not only "OU" can occur multiple, *every* AttributeType can occur
multiple, can't it?
sure, you just have to setup your configuration regarding your needs
and the ldap config too ;o) so it can handle the used dn
g
d...
but the cn in ldap isn't signed - so its free to modify the ldap
entry - the certificate itself is usually just a binary block
i hope this helps ;o)
greetings
dalini
---
y asking ppl at this open issue at the mozilla-bug-tracker - hehe,
there should be some mails on this list too, which document the heavy
efforts to get it in...
greetings
dalini
---
ysizes or something
so it basically means - code-changes at mozillacode and a redefinition
of this proprietary html tag...
or to use a different approach for mozilla/netscape based certificate
requests...
greetings
dalini
---
h leaving out the
first one, and what the other developers think about
greetings
dalini
---
- how to generate certs for special
uses... like sendmail/apache/ldap/and so on... (which are basically
always the same, regarding the part for cert generation i guess ;o)
greetings
dalini
---
her one is a new certificate
request aka signing request (sr)
but i will do some more testing in the evening
greetings
dalini
---
Til Obes wrote:
4. whats the sense of loa? For what do i need this?
if you don't need/use it - you can disable it etc/server/ra.conf or
ca.conf there is an option
use_loa set it to no and you won't see it again ;o)
you can also adapt those levels and so on...
greeti
ate is the period of time from
notBefore through notAfter, inclusive.
greetings
dalini
---
stuff for next week ;o)
greetings
dalini
---
dalini wrote:
Laurent Mesuré wrote:
hi,
when i use the cvs tree what is the version of openca downloaded?
0.9.2
that means - if just call cvs - of course you can also fetch an older
version... if you provide the right tag (i just don't have it in mind
right now ;o)
greetings
d
Laurent Mesuré wrote:
hi,
when i use the cvs tree what is the version of openca downloaded?
0.9.2
greetings
dalini
---
interface...
i think this should work, since it's also possible to add more than one
dns and so on through the sub alt fields...
hope this works... haven't tried this so far with emails ;o)
greetings
dalini
---
special paper available
i had this from my "krankenkasse" they used this for the online access
you print with normal printer - but can't read it - just the recipient
and he can see if it has been manipulated
i'll try to find this piece of paper again - then i
dalini wrote:
so i guess - this is just a small problem somewhere but a bit tricky to
locate... since i have this running with pix 'without' problems - in
early stages of scep-getting-ready-to-really-work i had some nightmares
with this stuff... because some hints at cisco docu a
some hints for granting cisco-equipment certs next few days to
the list... since the issue is closely related to this above mentioned
problem
details follow up soon - yeah - i know... but its late, the birds are
singing and i need some sleep... ;o)
greetings
d
had some nightmares
with this stuff... because some hints at cisco docu are easy to overread
but important to follow to get things work properly...
greetings
dalini
you can also call me but not before 10 a.m. ;o): +49-3677-78 72 23
---
just read the
documentation...
greetings
dalini
---
Diego I. Rosso wrote:
I have openca 0.9.1.7 ... i dont have xml config's files... I found the same in ca.conf archive?
ups, ok, thats a problem ;o) - then my hint isn't the right one
i have to take a look into 0.9.1.7, there i don't have enough knowledge about
g
orted - yeah and rerun configure_etc.sh ;o)
greetings
dalini
Diego I. Rosso wrote:
Johnny, when I perform the *"Upload data to a higher level of the
hierarchy"* choosing REQUEST on my RA, it gives me the following
Exporting archive ...
Load required variables ...
Changing to direc
most probably not be the case before tomorrow...
greetings
dalini
---
Kevin Mitcham wrote:
I've checked and re-checked the Database part of the config.xml, and it
all seems good to me. Any hints from the more experienced parts of the
world?
have you installed the correct perl-dbi module?
looks like it couldn't be found
greeti
- yes this takes some time, and yes the documentation
isn't perfect right now but good
greetings
dalini
---
.*
.*
.*
0
.*
0
it its like this - you can use it with anything (http/https) and so
on... so set it for first steps to this - should avoid problems
the type can still be mod_ssl shouldn't be a problem
greetings
d
silves wrote:
Hello Michael
I am using https and its the same thing ...
quote from another mail of this list today :o):
Please check your apache config for this:
SSLOptions +StdEnvVars +ExportCertData
greetings
dalini
---
sued, if the request stays the same
greetings
dalini
---
certificate works for Apache-ssl, but not for
scep :-( I think something in my cert creation process is still wrong.
Other applications of OpenCA are running well :-)
is the dns also at the subjectline?
greetings
dalini
---
ra-interface
no user interaction is needed at all
greetings
dalini
---
Bert Koelewijn wrote:
Yes OK. But is it possible to access /cgi-bin/scep/scep, without even
running the openca server?
regards,
this is an interface script - you can't run this just like it is
you have to modify it - to use it as a stand-alone application
just take a look ;o)
greetings
d
just call the binary and look - how to call for usual operations you
can see in the script "scepPKIOperation"
greetings
dalini
---
ls to
the scep-tool - to work with the ca stuff - it there are no
separate interface-cert and -key
greetings
dalini
---
pug wrote:
If I do a manual request with pub module of OpenCA everything is running
as I expect.
Is there a way to get more debug output from scep ?
did you get scep compiled with that openssl-0.9.8-dev snapshot
if i try this - i get an compile error...
greetings
dalini
update config files...
but usually one doesn't use the ca-stuff directly
Is there a way to get more debug output from scep ?
no, not at the current state
greetings
dalini
---
ne for
the right node
so for the ra - choose a template for ra, with ldap,public,scep whatever
you have and for the ca activate the ca only template
then you have to rerun ./configure_etc.sh to get the configfiles updated...
greetings
dalini
---
ound one day behind)
greetings
dalini
---