Re: Documentation

2003-12-16 Thread Dr. Stephen Henson
On Tue, Dec 16, 2003, [EMAIL PROTECTED] wrote: > > Steve, > > thanks for the reply. I agree that I will need to be able to verify the > signer's cert chain. If by signer you mean the CA and trusted root that > signed the end entity cert. However, currently I am unable to parse the P7 > object

Re: Documentation

2003-12-16 Thread Dr. Stephen Henson
On Tue, Dec 16, 2003, Dr. Stephen Henson wrote: > On Tue, Dec 16, 2003, [EMAIL PROTECTED] wrote: > > > > > Steve, > > > > thanks for the reply. I agree that I will need to be able to verify the > > signer's cert chain. If by signer you mean the CA and trusted root that > > signed the end entit

Sign PIX certificate using OpenSSL CA

2003-12-16 Thread tulongs
I would like to sign a certificate created by pix firewall using OpenSSL CA server. My current set up is: the OpenSSL CA server is Network 1-- Router -- PIX Firewall Network 2 (CA server) VPN tunnel I have established VPN tunnel between router

openssl encrypt problem

2003-12-16 Thread Frédéric HARDY
Hello ! I'm using openssl with php. This is my code : '; #GET PUBLIC KEY $public_key = openssl_get_publickey('file://path_to_certificate'); #DECRYPT openssl_public_decrypt($crypted_text, $decrypted_text, $public_key); echo 'String decrypted : ' . $decrypted_text; #GET ERRORS echo ''; while (

Compile s_server ?

2003-12-16 Thread Jajang Kavita
Can I compile (s_server.c, s_client.c and s_time.c) separately with openssl? How? Thanks, Jajang

Openssl API ?

2003-12-16 Thread Jajang Kavita
Who can give me an openssl API Reference? And can help to make a simple SSL Handshake program with this API? Thanks, Jajang

RE: Openssl API ?

2003-12-16 Thread Francis.Vanhemmens
I recommend this book, it's easy to read. And there is an explained sample doing what you ask in it. Network Security with OpenSSL, O'Reilly, John Viega, Matt Messier & Pravir Chandra, ISBN: 0-596-00270-X -Original Message- From: Jajang Kavita [mailto:[EMAIL PROTECTED] Sent: mardi 16 décembr

RE: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread John . Airey
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: 16 December 2003 14:34 > To: [EMAIL PROTECTED] > Subject: Sign PIX certificate using OpenSSL CA > > > I would like to sign a certificate created by pix firewall > using OpenSSL CA server. > My current set u

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Jon Barber
[EMAIL PROTECTED] wrote: I'm assuming you mean a Pix Firewall version 6.3.x. I don't think there is a way to get a certificate onto a Pix, as the "ca" commands can only create certificates. The only way to get a cert is via SCEP. There are only a handful of CAs that support SCEP, and no open

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Charles B Cranston
Sorry for my ignorance, could you post a reference to SCEP? What would it take to manhandle a standard certificate into this format? Or is it a lot more difficult than that? Jon Barber wrote: [EMAIL PROTECTED] wrote: I'm assuming you mean a Pix Firewall version 6.3.x. I don't think there is a w

RE: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread tulongs
You are right, I am using PIX Firewall version 6.3.x. If there's no way I can import a certificate to the pix firewall, do you know how can I sign the pix certificate using OpenSSL CA with the Set Up I have. It seems that the pix firewall can't communicate with the CA server. When I tried to aut

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Jon Barber
Charles B Cranston wrote: Sorry for my ignorance, could you post a reference to SCEP? What would it take to manhandle a standard certificate into this format? Or is it a lot more difficult than that? SCEP is a standard proposed by Cisco (Simple Certificate Enrollment Protocol) see http://www.ci

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Charles B Cranston
So, am I right that OpenSSL has the means to make these PKCS7 files and the only new code development would be a network program to open connections and send and receive the appropriate stuff? I wonder if some of the code could be cribbed from some of those projects. Are any of them open source :-)

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Peter Sylvester
> The projects I looked at that have SCEP are openca, ejbca and openscep. > I also looked at Sun Certificate Server (now discontinued) and ended up > using Microsoft Certificate Services on Win2000. RSA Keon CA supports > SCEP, but I'm not rich enough to buy it. > I just remember that one pr

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Jon Barber
Charles B Cranston wrote: So, am I right that OpenSSL has the means to make these PKCS7 files and the only new code development would be a network program to open connections and send and receive the appropriate stuff? Yes. The hardest part (and it isn't that hard) is assembling / disassembling

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Jon Barber
Peter Sylvester wrote: Besides this, the protocol description itself demonstrates a very interesting knowledge of HTTP. :-( The hard coded URL cgi-bin/pkiclient.exe is not the worst part. Which Cisco themselves seem to ignore. You can give an optional path to the URL on the PIX, although it

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Charles B Cranston
I dunno, I'm only about halfway through the Vesperman CVS book, but when I used google to find openca and tried to find the openca/openscep stuff I found that the HEAD version had been removed from the archive, and that the versions in .attic (:-) were merely half-page stubs. Maybe I was at the wro

RE: Integrating OPENSSL with RADIUS

2003-12-16 Thread arun . mahajan
Thanks! .arun > There may not be an easy way. > > If you are using client authentication (rather enforcing it) you can extract > identity of client from peer certificate on the server side. You can do this > during certificate verification by specifying a callback to the verification > proces

CGI script of OpenSSL CA

2003-12-16 Thread tulongs
Does OpenSSL CA support/have CGI script? If so, where is the location of cgi-bin script of OpenSSL CA. Thank You. Regards, Sanborne

Re: Certificate import into Internet explorer

2003-12-16 Thread Denny Valliant
On Dec 16, 2003, at 2:00 AM, Andrea Mennini wrote: Hi, I've tried to make a certificate with Ca.pl under WinXP. First I've created the CA with ... I think you might need to do some homework. What are you trying to do? Add a certificate to the trusted certificates store? Generate a client certif

Re: Certificate import into Internet explorer

2003-12-16 Thread Franck Martin
Check the SSL Certificates HOWTO on www.tldp.org On Wed, 2003-12-17 at 11:56, Denny Valliant wrote: On Dec 16, 2003, at 2:00 AM, Andrea Mennini wrote: > Hi, > > I've tried to make a certificate with Ca.pl under WinXP. First I've > created the CA with > ... I think you might need to do some

Re: How to use external crypto hardware with version 0.9.7?

2003-12-16 Thread Kazunori HASEGAWA
>Firstly the application has to call the configuration code. If it doesn't then >this won't work. This can either be via explicit calls (unlikely because the >code is very new) or by compiling -DOPENSSL_LOAD_CONF. Then assuming the >application calls OpenSSL_add_all_algorithms() it will call the con

Re: How to use external crypto hardware with version 0.9.7?

2003-12-16 Thread Dr. Stephen Henson
On Wed, Dec 17, 2003, Kazunori HASEGAWA wrote: > >Firstly the application has to call the configuration code. If it doesn't then > >this won't work. This can either be via explicit calls (unlikely because the > >code is very new) or by compiling -DOPENSSL_LOAD_CONF. Then assuming the > >application

Re: Sign PIX certificate using OpenSSL CA

2003-12-16 Thread Jason Haar
On Wed, 2003-12-17 at 05:02, Jon Barber wrote: > Probably your best bet is OpenSCEP : http://openscep.othello.ch/ Having > said that, openca looks very promising and has SCEP support in the CVS > tree at the moment. OpenSCEP is quite lightweight & specific, whereas > OpenCA is trying to be a ful