Anyone set up SSL with Oracle 9iAS (OC4J)?
If so, how do you set up the Truststore and client authentication in the
XML? I can't find any docs on this anywhere, and the Oralce forums aren't
helping either.
Like if in Tomcat, all you have to do is clientAuth=true, whats the
equivalent tag for
Hallo,
how can i compile the openssl library so i get only the rsa sign algorithm
or the key generation?
Or is it possible to compile only the cryptolib?
Thx for replay
Robert Kutsch
__
OpenSSL Project
On Thu, Aug 26, 2004, Joseph Bruni wrote:
I did as you suggested and dumped the CRL object from within the validation routine.
Using the X509_STORE_CTX pointer passed in, I used the current_crl member to get
to a X509_CRL pointer, and fed that to a PEM_write() routine.
Interestingly, the
Title: Extracting user-defined attributes from certificate subject
I'm using a specific certificate profile which includes a user-defined attribute
serialNumber in the subject.
An example subject looks like this:
Subject: serialNumber=Z000805N, GN=Thomas, SN=Kraemmer, O=Siemens,
Running these 2 commands does work
openssl dgst -out ud -sign rsakey.pem README
openssl dgst -verify rsapub.pem -signature ud README
output is
Verified OK
but with -hex it complains
openssl dgst -hex -out ud.hex -sign rsakey.pem README
openssl dgst -verify
Hello,
I am experiencing a problem with self-signed server certificates generated by
z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-
signed certificate will generate an error of self-signed certificate in my
certificate verify callback routine. If I add the
Hello Jim,
Jim Adams wrote:
I am experiencing a problem with self-signed server certificates generated by
z/OS's pskkyman program in my openssl-enabled telnet client. Usually, a self-
signed certificate will generate an error of self-signed certificate in my
certificate verify callback routine.
On Fri, Aug 27, 2004, Jon Bendtsen wrote:
So, am i doing anything wrong, or is there a bug in openssl?
Can i translate the -c - hex or -hex output to a binary file before i
verify that?
If so, how do i do that?
Not so much a bug as something that's not implemented. It should be
Hi Everybody,
we are trying to encrypt a file using the openssl command.
openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-p] [-P] [-bufsize number] [-debugopenssl enc -ciphername [-in filename] [-out
On Fri, Aug 27, 2004, ecc samba wrote:
Hi Everybody,
we are trying to encrypt a file using the openssl command.
openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a]
[-A] [-k password] [-kfile filename] [-K key] [-iv IV] [-p] [-P] [-bufsize
On Thu, Aug 26, 2004, Ralph wrote:
Hello list members,
I'm trying to set up an Apache 2 based web server for multiple name
based virtual hosts. As it is not possible with mod_ssl to have a
seperate SSL certificate file for each virtual host, I'd like to
create a single certificate file
Title: How much entropy is good?
What is a good amount of entropy to gather for seeding the PRNG? I guess the more the better, but is there a magic number that most people use that provides enough randomness for good security?
Ed
Den 27. aug 2004, kl. 18:33, skrev Dr. Stephen Henson:
On Fri, Aug 27, 2004, Jon Bendtsen wrote:
So, am i doing anything wrong, or is there a bug in openssl?
Can i translate the -c - hex or -hex output to a binary file before i
verify that?
If so, how do i do that?
Not so much a bug as something
Dr. Stephen Henson wrote:
You can work round that with the preserve config file option or
the -preserveDN command line option.
The preserve option indeed allows me to sign a certificate which
includes multiple common names. Unfortunately, it now seems that both
Mozilla 1.7 and Mozilla Firefox
I thought that at first, but I made similar certs with critical Key
Usage parameters
using openssl and openssl liked them.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Goetz Babin-Ebell
Sent: Friday, August 27, 2004 12:18 PM
To: [EMAIL PROTECTED]
On Fri, Aug 27, 2004, Jim Adams wrote:
I thought that at first, but I made similar certs with critical Key
Usage parameters
using openssl and openssl liked them.
If you certificate signing is absent from key usage (critical or not) then
the certificate wont be acceptable as an untrusted
Ralph wrote:
Hello list members,
I'm trying to set up an Apache 2 based web server for multiple name
based virtual hosts. As it is not possible with mod_ssl to have a
seperate SSL certificate file for each virtual host...
Actually, you can, but they have to have separate IP addresses.
(Requiring
Hey, I'm new to using Openssl. I'm trying to use the BN library. For
some reason I can't use the functions defined in openssl/bn.h. Can anyone
tell me what I'm missing?
I've tried this with openssl version 0.9.7d and a snapshot from a month
ago with identical results.
Here's a really simple
What is a good amount of entropy to gather for seeding the PRNG?
I guess the more the better, but is there a magic number that most
people use that provides enough randomness for good security?
Ed
There are several different opinions about this. My own is that you need
enough
19 matches
Mail list logo