Jeff Smith wrote:
>
> ... and using -verbose option, the step (3) verify would produce:
>
> % openssl verify -verbose -CAfile ca.crt -untrusted ca2.crt user.crt
>
> error 18 at 0 depth lookup:self signed certificate
> error 7 at 0 depth lookup:certificate signature failure
> 21970:error:0407006
Mark,
You wrote:
>I get this error message:
>
>make[1]: Entering directory `/export/home6/temp/openssl-0.9.6b/apps'
>rm -f openssl
>gcc -o openssl -DMONOLITH -I../include -fPIC -DTHREADS -D_REENTRANT
>-DDSO_DLFCN -DHAVE_DLFCN_H -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
>-DBN_DIV2W openssl.
Hello !
Why can I revoked a certified ?
I try to look in www.openssl.org but I think that it's down ...
---
Ed´ Wilson Tavares Ferreira
http://www.dcc.ufmt.br/ed
---
_
Are
you login as root (in order to have write permission)?
-Original Message-From: Faine, Mark
[mailto:[EMAIL PROTECTED]]Sent: Wednesday, July 25, 2001
10:44 AMTo: '[EMAIL PROTECTED]'Subject: errors
building openssl 0.9.6b on Solaris 8
I get this error
message:
ma
Lutz Jaenicke wrote:
>
> On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote:
> > I have a simple server which I can connect to using the openssl
> > client, and using Netscape no problems.
> >
> > MS Internet Explorer refuses to connect and I get the dreaded
> > "no shared cipher" message on my s
Xeno Campanoli wrote:
>
> Jean-Marc Desperrier wrote:
> >
> > Xeno Campanoli wrote:
> > >> I want to explicitly set the Not Before and Not After dates on my self
> > >> signed certificate, for testing purposes. My only example for making
> > >> the self signed certificate with the OpenSSL applic
You
should be able to run the OpenSSL executable to generate the base64 encoding of
the binary P7 file.
Just
issue the following command:
OpenSSL pkcs7 -in inputfile.p7b -inform DER -out
outputfile.pem
This
should work, but you can add '-outform PEM' if you want to make it more
readabl
From: "Kevin Elliott" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Copies to: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject:Using Microsoft CA generated certificates or Accessing other
CSPs using OpenSSL generated Certificates?
Date s
> hi,
> Was not aware of that.. ?n for recommending to windows users
> what clients for SSL-FTP are currently available that encrypt both
> channels?
> TIA
Kermit 95 comes with a secure FTP client that encrypts both channels.
http://www.kermit-project.org/k95.html
Jeffrey Altman * Sr.S
Date sent: Wed, 25 Jul 2001 14:02:26 -0600
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject:Re: FTP over SSH2
Send reply to: [EMAIL PROTECTED]
SecureNetTerm. Take a look a www.securenetterm.com
Greetings,
Hopefully someone has a good direction for me, and I've spent the last few
days rtfming and scouring the last 6 months of the mailing list archives.
I'd like to store OpenSSL generated certificates on some smartcards, but in
order for that to work properly, I need to be able to put
From: Andrew Cooke <[EMAIL PROTECTED]>
Subject: Bugs building 0.9.6b
Date: Wed, 25 Jul 2001 14:27:56 +0100
Message-ID: <5.0.2.1.0.20010725142251.02d38710@localhost>
andrew> - line 321 of speed.c should be bracketed by #ifndef NO_RSA
andrew> (warning treated as error for unref var if NO_RSA used)
hi,
Was not aware of that.. ?n for recommending to windows users
what clients for SSL-FTP are currently available that encrypt both
channels?
TIA
[EMAIL PROTECTED]
On Wed, Jul 25, 2001 at 01:21:50PM -0400, Jeffrey Altman wrote:
> SSL FTP encrypts both the control channel and the data channel(s)
Jean-Marc Desperrier wrote:
>
> Xeno Campanoli wrote:
> >> I want to explicitly set the Not Before and Not After dates on my self
> >> signed certificate, for testing purposes. My only example for making
> >> the self signed certificate with the OpenSSL applications, however, is
> >> with the op
... and using -verbose option, the step (3) verify would produce:
% openssl verify -verbose -CAfile ca.crt -untrusted ca2.crt user.crt
error 18 at 0 depth lookup:self signed certificate
error 7 at 0 depth lookup:certificate signature failure
21970:error:0407006A:rsa routines:RSA_padding_check_P
I created a CA cert and created a couple of user certs. I used: $
openssl verify and got the following error:
error 20 at 0 depth lookup:unable to get local issuer certificate
Any thoughts of what is wrong? The openssl.org site seems to be down so
really can't even look up the openssl(1) comman
[EMAIL PROTECTED] wrote:
>
> D:\apache\openssl\bin>openssl ca -config openssl.cnf -out epo\user.cert
> -infiles
> epo\user.csr
> Using configuration from openssl.cnf
> Loading 'screen' into random state - done
> Enter PEM pass phrase:
> Error Loading extension section x509v3_extensions
> 223:e
I get this error
message:
make[1]: Entering
directory `/export/home6/temp/openssl-0.9.6b/apps'rm -f opensslgcc -o
openssl -DMONOLITH -I../include -fPIC -DTHREADS -D_REENTRANT -DDSO_DLFCN
-DHAVE_DLFCN_H -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
openssl.o verify.o asn1pars.o
I forgot to mention that I could successfully verify ca2.crt after step (2)
using
% openssl verify -CAfile ca.crt ca2.crt
clnt1.crt: OK
In addition to the question I had, I am wondering if there is any
workaround. What I need is a 2-level ca hierarchy.
Thanks - Jeff
Jeff Smith wrote:
>
>
SSL FTP encrypts both the control channel and the data channel(s).
The data channels are negotiating using SSL/TLS session caching for
rapid connections.
You can find patches to several FTP clients and daemons at Peter
Runestig's ftp site
ftp://ftp.runestig.com/pub/
C-Kermit 8.0 is a scriptab
Hi George
Sorry about the last email. I was corresponding with a George x who
spells his last name 1 letter different then your. He was also sending
proprietary stuff. I thought u were him
Robert
- Original Message -
From: George Staikos <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
Hello Jon,
> It appears from my testing that the expiry time on a certificate is taken
> from the client's machine time, not the server time. I've tested this with
> IE 5.01 SP1 and Netscape 4.77.
No the expiry time should be encoded in the certificate.
The element for t
On Wed, 25 Jul 2001, CJ Holmes wrote:
> ...
> prebind does a neat trick where is pre-resolves the location of all the
> symbols needed in the dynamic libraries used by a binary. This speeds up
> launch time dramatically. If you app is pre-bound to its dynamic libraries,
> and they are all pre-b
On Wednesday 25 July 2001 12:07, robert wrote:
> The file u sent, contained pem format file. I write ssl client & server
> software. Are u shore that u wanted to send me what could be the master
> secret???
That was the public file from those two websites (www.ibm.com and
wellsfargo.co
I've just made an interesting discovery after suffering the ignomy of having
an SSL certificate expire. (Supposedly I'll have it within the next two
hours. A late night for me!)
It appears from my testing that the expiry time on a certificate is taken
from the client's machine time, not the serve
Hi George
The file u sent, contained pem format file. I write ssl client & server
software. Are u shore that u wanted to send me what could be the master
secret???
Thanks
Robert
- Original Message -
From: George Staikos <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday
hi,
Since i know zip about windows includes.. AFAIK there is
not real equivalent to is there.. Anyone know
of comparison of what not to expect to be there. If someone
insists on using windows? TIA
__
OpenSSL Project
ARGH forgot to attach them. Here they are
Untars into cert/
--
George Staikos
certproblems.tgz
on 7/25/01 3:59 AM, Marko Asplund at [EMAIL PROTECTED] wrote:
>> ...
>> Now you can run config from the command line:
>>
>> ./config shared threads -D_REENTRANT -DUSE_TOD -DDARWIN -O3
>
> why do you need to add the compiler flags to the command line? you can do
> it in config and Configure.
I
On Wednesday 25 July 2001 05:55, Jean-Marc Desperrier wrote:
> George Staikos wrote:
> > On Tuesday 24 July 2001 20:26, George Staikos wrote:
> > >I've been noticing many problems with some new certificates which
> > > are being issued by Entrust and Verisign.
> >
> >Actually I looked it o
unistd.h is a Unix, not Windows file. Did you follow
the instructions in INSTALL.W32 file? Maybe somewhat
gone wrong when creating the ntdll.mak file.
--- Chandrashekhar B <[EMAIL PROTECTED]>
wrote: > Hi,
>
> I am having problem building openssl in Windows,
> MSVC environment. While making ntdl
On Wed, Jul 25, 2001 at 11:22:09AM +1000, DT wrote:
> I have a simple server which I can connect to using the openssl
> client, and using Netscape no problems.
>
> MS Internet Explorer refuses to connect and I get the dreaded
> "no shared cipher" message on my server.
>
> Pointing IE to openssl
32 matches
Mail list logo