Dann Daggett wrote:
My apologies for being so ignorant. ...
Ignorance requires no apologies when it presents questions
rather than assertions.
Regards,
kudzu
__
OpenSSL Project http://www.openssl.
Hi Dann,
On September 5, 2003 08:08 pm, Dann Daggett wrote:
> But your answer brings up yet another question :) Most people do not
> have their own certificate, yet are able to do https transactions with
> secure web servers. Does each browser have a default certificate it
> presents in this case?
> Then the contents of the /certs directory just doesn't matter,
> since the OpenSSL library is being explicitly told where the
> certificates are to be found.
>
> It all depends on what you want to do.
I need to do it all. After apache for secure transactions, I want to
use my own certs to allo
> > However, I still don't know about the empty /certs directory. Am I
supposed
> > to copy /usr/local/src/openssl-0.9.7b/certs/ to /usr/local/ssl/certs? It
> > seems strange that the install script wouldn't have done that as well if
it
> > were needed.
>
> Well you copy the ones that are relevant
On Thu, Sep 04, 2003, Ohaya wrote:
> One final question... This one may be specific to the behavior of IE,
> but I'm not sure:
>
> 1) I have one server certificate installed in IIS, which I created when
> I did the Certificate Server installation.
>
> 2) In my IE browser, I have two client cert
Dann Daggett wrote:
However, I still don't know about the empty /certs directory. Am I supposed
to copy /usr/local/src/openssl-0.9.7b/certs/ to /usr/local/ssl/certs? It
seems strange that the install script wouldn't have done that as well if it
were needed.
Well, it depends on what you want to do.
On Fri, Sep 05, 2003, Dann Daggett wrote:
>
> However, I still don't know about the empty /certs directory. Am I supposed
> to copy /usr/local/src/openssl-0.9.7b/certs/ to /usr/local/ssl/certs? It
> seems strange that the install script wouldn't have done that as well if it
> were needed.
>
Wel
> > I'm hesitant to start giving read access to all the
> > application's "run as" users to the ssl directories.
> > Consequently Im wondering wehter the openssl
> > libs have root access even though Apache might be running
> > as "nobody"? Or, do I duplicate all the certs
> > in each app's respe
IE only lets you select from certificates that have a root CA in common
with the server certificate. This is independent of the web server
platform. The web server presents its certificate as part of the SSL
handshake, so IE does know the issuing CA from the certification path.
Bart...
-Orig
In my setup, I installed openssl to /usr/local/ssl. In that dir there is a
/certs directory which is empty. However, in my source dir
/usr/local/src/openssl-0.9.7b/certs/ there over 20 .pem files (and their
associated hashes) which look to be the trusted root certificates. Should
those be copied to
Greeting all,
I am new to openssl and just joined this list. I've spent the last week
reading the man pages, READMEs, INSTALLs, and every HOW-TO I can find
regarding openssl and the apps I want to secure. I'm still a bit confused
however, and am having some troubles. I certainly don't want all the
Chris Brook wrote:
> If I read your reply right, responsibility for DAC and Known Answer Test
> checking is the responsibility of the app developer, though you will provide
> the DAC checksum for the crypto module. Have you also included the KATs,
> since they essentially exist the OpenSSL test m
Mathias Brossard wrote:
> On Fri, 2003-09-05 at 11:55, Ben Laurie wrote:
>
>>>- What version of OpenSSL does it correspond to? 0.9.7b?
>>
>>"Yes, and the FIPS specific routines will be carried forward in future
>>OpenSSL releases. Only the "cryptographic module" containing the
>>relevant cryptog
Hi,
I have a file containing 128 bytes of data (no CR/LF
- yes, sorry I'm on Windows for this project). The
original data was padded (ISO9796-2/1) in order to
create this file.
When trying to sign this data with rsautl using the
following command:-
openssl rsautl -in padded -inkey private.pem -
It is unfortunate that the process could not
have been more open, but I considered the goal worth that sacrifice,
Not a problem for me. :)
This is great -- one of the most exciting things I've seen in a long time!
/r$
--
Rich Salz, Chief Security Architect
DataPower Technology
On Fri, 2003-09-05 at 11:55, Ben Laurie wrote:
> > - What version of OpenSSL does it correspond to? 0.9.7b?
>
> "Yes, and the FIPS specific routines will be carried forward in future
> OpenSSL releases. Only the "cryptographic module" containing the
> relevant cryptographic module implementations
Hi!
As I have just been informed, the Internet connectivity of the university
will be down due to major restructurings in the power supply system
from Friday (05 Sep 2003) afternoon until Monday (08 Sep 2003) morning
(central european daylight savings time).
The OpenSSL request tracker hosted in
17 matches
Mail list logo