Failure decoding X.509 Certificate / negative BN's ??

1999-05-11 Thread Robert Eiglmaier
Hi, TeleSec has founded the first PKI in Germany that works by the rules of the German signature law. They provide users with smartcards and offer the certificates in files on the web. (http://srv15.telesec.de/verzeichnisdienst/index.htm) However OpenSSL doesn't seem to be able to extract the corre

Linux

1999-05-11 Thread Ben Laurie
This is mostly off-topic, but in a good cause: I'm trying to install Linux, not coz I have any real need, but so that I can more easily support OpenSSL and related stuff, some of which is a major battle to compile on FreeBSD (unfortunately, IMNSHO). But, I'm having my usual nightmare ... so are th

Re: X509 V3 extensions in certificate request?

1999-05-11 Thread Dave Clark
At 07:00 PM 05/10/1999 , Dr Stephen N. Henson wrote: >Dave Clark wrote: >> >> Hello, new OpenSSL user here; >> >> How does one go about specifying an X509 V3 extension when generating >> a certificate request with the OpenSSL 'req' utility, such that the >> extension will be transferred to the c

Re: X509 check private key

1999-05-11 Thread Bodo Moeller
On Tue, May 11, 1999 at 11:00:26AM +0200, Martin Staael wrote: > 473328:error:0B080074:x509 certificate routines:X509_check_private_key:key values >mismatch:x509_cmp.c:264 > > what is going wrong here? I'm 100% sure that the private key is correct. Which version of OpenSSL do you use? A rece

RE: OpenSSL 0.9.2b SSL_connect behavioure

1999-05-11 Thread Per Nilsson
Thanx a lot ! This form of software really is great... > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Bodo Moeller > Sent: Tuesday, May 11, 1999 9:46 AM > To: [EMAIL PROTECTED] > Subject: Re: OpenSSL 0.9.2b SSL_connect behavioure > > > On Tue, Ma

Re: Using a client certificate

1999-05-11 Thread Bodo Moeller
John Martin <[EMAIL PROTECTED]>: > I'm looking for documentation on how to use a client certificate, ie > how to make a certificate available to the SSL server. I don't seem to > be getting any results from SSL_CTX_use_certificate_file(). Do you also load the corresponding key file? If not, tha

Re: Linux

1999-05-11 Thread John Edstrom
I'm using linux RH5.2 with piecewise upgrade to 2.2.6 kernel... I have OpenSSL working (no firewall). I can try to help. Ben Laurie > > This is mostly off-topic, but in a good cause: I'm trying to install > Linux, not coz I have any real need, but so that I can more easily > support OpenSSL and

Apache and Openssl on NT 4.0

1999-05-11 Thread Ruetzel, Arnold
Hi, did anyone out there install Apache + mod_ssl and try to make openssl on a window NT 4.0 PC? I downloaded the openssl-0.9.2b.tar.gz file and extracted all the modules. I also downloaded mod_ssl-2.2.8-1.3.6.tar.gz and extracted those modules. I then followed the instructions installing Apache+m

Re: Failure decoding X.509 Certificate / negative BN's ??

1999-05-11 Thread Stefan Kelm
Robert, > TeleSec has founded the first PKI in Germany that works by the rules of > the German signature law. They provide users with smartcards and offer > the certificates in files on the web. > (http://srv15.telesec.de/verzeichnisdienst/index.htm) > However OpenSSL doesn't seem to be able to ext

Re: Linux

1999-05-11 Thread Ed Dembowski
I highly recommend installing from CD rom. RH-6.0 is available for less than 5$ US by mail order, and I'm sure it can be overnighted for not much more. Doing it by download is possible, but it's also asking for problems. On Tue, 11 May 1999 Ben Laurie wrote: > > This is mostly off-topic, but i

New Patch to ca.c (adds -status -updatedb -extensions)

1999-05-11 Thread Anonymous
Hi! Here it comes my patch to the ca application. Please continue reading for full explanation. ** 1. ca -extensions = I've been trying to issue different kind of certificates such as servers, clients, CAs, but the only way to set cor

Re: Failure decoding X.509 Certificate / negative BN's ??

1999-05-11 Thread Dr Stephen Henson
Robert Eiglmaier wrote: > > Hi, > > TeleSec has founded the first PKI in Germany that works by the rules of > the German signature law. They provide users with smartcards and offer > the certificates in files on the web. > (http://srv15.telesec.de/verzeichnisdienst/index.htm) > However OpenSSL doe

Re: Linux

1999-05-11 Thread Massimiliano Pala
Ben Laurie wrote: > This is mostly off-topic, but in a good cause: I'm trying to install > Linux, not coz I have any real need, but so that I can more easily > support OpenSSL and related stuff, some of which is a major battle to > compile on FreeBSD (unfortunately, IMNSHO). But, I'm having my u

Re: New Patch to ca.c (adds -status -updatedb -extensions)

1999-05-11 Thread Dr Stephen Henson
Massimiliano Pala wrote: > > > 1. ca -extensions > = > > I've been trying to issue different kind of certificates such as servers, > clients, CAs, but the only way to set correctly the extensions was to: > > a) modify the config file; > b) keeping a config file

a bug and some hints

1999-05-11 Thread Anonymous
Hi! While installing openssl-0.9.2b, I found a bug in crypto/bn/bn_lcl.h: the prototype for bn_add_words is missing a parameter: *** crypto/bn/bn_lcl.h.orig Thu Jan 28 11:40:37 1999 --- crypto/bn/bn_lcl.h Tue May 11 13:33:25 1999 *** *** 247,253 BIGNUM *bn_expand2(BIGNUM

bc error on HP-UX 9.0x

1999-05-11 Thread andy
Oops, another error: On HP-UX 9.0x (at least HP-UX 9.07), bc fails to correctly process the last term output by bntest. This is a bug in HP-UX' bc, but a hint may be useful, since a failed test gets credited to openssl on the first hand. Bye, Andy

Re: Linux

1999-05-11 Thread Paul Rubin
Stop messing with huge downloads. The easiest way to install Linux is from a bootable CD. Just put it in the drive and follow the instructions. You can buy CD's for almost nothing from www.cheapbytes.com.

CORBA over SSL

1999-05-11 Thread Alfonso Urdaneta
Howdy, I'm implementing a CORBA based solution, and one of my requirements is to encrypt all traffic that is moving on the bus. I'm using omniORB2 which is an ATT product, but is released under the GPL, so I have the source. My intent is to modify omniORB such that it uses secure sockets rathe

old apache httpd.conf & FPSE

1999-05-11 Thread Norman Aronsen
ive done a bit of looking and have come to another snag (i think) can i take the older httpd.conf (from apache 1.2.5) and basically splice the virtual host info into the new 1.3.6 conf file? secondly, i d/l the frontpage server extension patch for apache 1.3.0 (as high as they had it..) will t

Re: Linux

1999-05-11 Thread Dave Neuer
mod_ssl requires at least one small tweak to run on Linux + Glibc2.1 (I and others I know of ran into one particular one -- ndbm.h has moved --, but I'd not be surprised if there are more). Dave Neuer -Original Message- From: Massimiliano Pala <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <

Re: New Patch to ca.c (adds -status -updatedb -extensions)

1999-05-11 Thread Lars Weber
On Tue, May 11, 1999 at 07:02:51PM +0100, Dr Stephen Henson wrote: > Massimiliano Pala wrote: > > > > > > 1. ca -extensions > > = > > > > I've been trying to issue different kind of certificates such as servers, > > clients, CAs, but the only way to set correctly the extensions

Re: Unrecognized certificate request generated by Cisco 2501

1999-05-11 Thread John Wehle
> Cisco router use CEP protocol to enroll certificates. > It can only request certificates to CA servers which supports > CEP. I do not know how you made Cisco router to save the Certi request > in this attached file. How did you get it? By pointing it to a http server which has the following cgi

Re: old apache httpd.conf & FPSE

1999-05-11 Thread Magnus Hyllander
Hi, I am using FPSE with Apache 1.3.4, it just took a few minor modifications to the 1.3.0 patch to get it working. I'm including my version of the patch, unless much has changed it might work with 1.3.6 as well. The FPSE installation itself was also a bit problematic because during the installa

Still off-topic ;), was: Linux

1999-05-11 Thread Steffen Dettmer
> I do have Downloaded the RH6.0 package... I did installed on a machine > to see how it is ... but it seems to have MAJOR problems with glibc > ( I cannot compile apache+mod_ssl ... !!! ) with many software (not ... and don't try to install a glibc manually. It costs a lot of time - at least for

Re: old apache httpd.conf & FPSE

1999-05-11 Thread Steffen Dettmer
> ive done a bit of looking and have come to another snag (i think) can i take > the older httpd.conf (from apache 1.2.5) and basically splice the Be careful. There are differences between 1.2.x and 1.3.x. Syntax changes and so on... > frontpage server extension patch for apache 1.3.0 (as hi

Re: New Patch to ca.c (adds -status -updatedb -extensions)

1999-05-11 Thread Steffen Dettmer
> I've been trying to issue different kind of certificates such as servers, > clients, CAs, but the only way to set correctly the extensions was to: > > a) modify the config file; > b) keeping a config file for every kind of certs; ...or to use the -name option, ain't ? OpenSSL suppo

Re: Failure decoding X.509 Certificate / negative BN's ??

1999-05-11 Thread Bodo Moeller
On Tue, May 11, 1999 at 07:19:42PM +0200, Stefan Kelm wrote: > This is a problem with the TeleSec certificates. I'm not sure about the > details but I've spoken to both TeleSec and the BSI ("Bundesamt fuer > Sicherheit in der Informationstechnik" www.bsi.de) about this problem. > They are aware o

openssl command line documentation

1999-05-11 Thread Michael
Can someone point me to a more comprehensive description of the openssl command line documentation. The stuff on the web site is not very illuminating. Michael [EMAIL PROTECTED]

Re: CRLs with Netscape Communicator (it works!)

1999-05-11 Thread Mario Fabiano
Dr Stephen Henson wrote: > > OpenSSL can still produce V1 CRLs. Even if you delete the whole crl_ext > section it will still generate a V2 CRL. What you need to do is comment > out the line: > crl_extensions = crl_ext > e.g. put a # at the start. When it sees that no crl extension section is > na

Re: Unrecognized certificate request generated by Cisco 2501

1999-05-11 Thread John Wehle
> More interesting. It looks like a CSR but it's broken somewhat. Since > there are several forms for the CSR I needed to check the file to be > sure. > > These things can have a PKCS#10 request variant and some other data > inside a PKCS#7 wrapper. The wrapper can be either PKCS#7 signed data or

Re: Unrecognized certificate request generated by Cisco 2501

1999-05-11 Thread Dr Stephen Henson
John Wehle wrote: > > > More interesting. It looks like a CSR but it's broken somewhat. Since > > there are several forms for the CSR I needed to check the file to be > > sure. > > > > These things can have a PKCS#10 request variant and some other data > > inside a PKCS#7 wrapper. The wrapper can

Re: Linux -- strongly advise against using RH6.0

1999-05-11 Thread Tim
> But, I'm having my usual > nightmare ... so are there any Linux gurus other there willing to help > get the damn thing installed? I'm trying to do RH 6.0, OH GOD NO! NOT A .0 VERSION! Perhaps you would like the 5.2 release better, seeing as to how it is not RAGINGLY UNSTABLE... I am far from