Start with certificates.txt and keys.txt in docs/HOWTO
Prashant Sodhiya wrote:
Hi All,
pls help in setting up PKI environment in unix.
i've downloaded "openssl-0.9.7f" configured /installed it.
Now how should i proceed...(configuring CA, generating certificates etc)
thnx in advance
Prashant
___
Hi
Any one knows how to use openssl to verify the digital
signature generated by java program.
What I have done are the following:
1. Using openssl generates the private key and
certificate.
2. Export the key and certificate into the pkcs12
file.
3. Import the key and certificate into "JKS" key
I also created the server certificate based on the same book and chapter. It is
using the same trusted certificate (root.pem) as the client. This is an
application that connects to itself, outbound as a client and inbound as a
server. Makes for compact testing.
Thanks for the tip about CA.pl. I
Dawn Keenan wrote:
>
> > I am trying to build Apache with SSL support, and so I compiled OpenSSL
> > 0.9.7g using gcc 2.95.3 on a Solaris 9 system.
> ...
> > However, when I try to run Apache (either ./apachectl start or ./httpd
> > -), I am getting an error, something like:
> >
> > "Ca
On Tue, Apr 26, 2005, John Moore wrote:
> Thanks a lot! That worked but I don't understand why or when we need to do
> that.
>
> As explained, I'm trying to decrypt and verify a signed and encrypted
> message. When I invoke SMIME_read_PKCS7 before I decrypt I didn't have to
> signal EOF on the
On Tue, Apr 26, 2005, John Hoel wrote:
> I created these certificates based on chapter 5 of "Network Security with
> OpenSSL". The client certificate is signed with the root CA, and that in
> turn is the only item in the trusted store (root.pem). Why would this not
> work? Here is a partial listin
Thanks a lot! That worked but I don't understand why or when we need to do
that.
As explained, I'm trying to decrypt and verify a signed and encrypted
message. When I invoke SMIME_read_PKCS7 before I decrypt I didn't have to
signal EOF on the BIO that contained the original SMIME content. Now I
I created these certificates based on chapter 5 of "Network Security with
OpenSSL". The client certificate is signed with the root CA, and that in turn
is the only item in the trusted store (root.pem). Why would this not work? Here
is a partial listing of the root CA:
Certificate:
Data:
On Tue, Apr 26, 2005, [EMAIL PROTECTED] wrote:
>
> Also - please advise what manufacturer is building those ARM machines. I've
> been looking for something like this. Thanks.
>
I've been using an NSLU2 as a low powered server linux box. That includes an
ARM Xscale processor.
Steve.
--
Dr Ste
It depends what you mean by small. A good idea would be to see of a 200 mHz P1
will do the job.
Next - if you can forward your results to me I'd be very interested.
Depending what you are serving a power power processor like this should be able
to keep a T1 full. But this will depend on the m
On Tue, Apr 26, 2005, John Hoel wrote:
> I've made extensive changes to how I generate certificates. Here is a partial
> listing of the revised client certificate:
>
> Certificate:
> Data:
> Version: 1 (0x0)
> Serial Number:
> ed:db:89:05:53:74:2b:55
> Sig
I've made extensive changes to how I generate certificates. Here is a partial
listing of the revised client certificate:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
ed:db:89:05:53:74:2b:55
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN
I am using the IBM CC 7.0. I am using the following configure options:
./config no-idea no-threads
I run "make test" and I get:
onvert the certificate request into a self signed certificate using
'x509'
Signature ok
subject=/C=AU/O=Dodgy Brothers/CN=Dodgy CA
Getting Private key
convert a certi
On Tue, Apr 26, 2005, David C. Partridge wrote:
> Is there any expectation that openssl will be enhanced in the near future to
> support the current CMS specification which I think is RFC3852? If
> possible retaining support for the old PKCS#7 "Signed and Enveloped" message
> format?
>
Full su
Title: Message
We are making a CPU
selection for a system and are wondering how much in terms of CPU
horsepower/MIPS it takes to run Openssl.
Specific
question-- would a 180 Mhz ARM processor with 64MB of SDRAM be enough to
run a small SSL enabled webserver with decent performance?
On Tue, Apr 26, 2005, John Moore wrote:
> Thanks. I guess that's not a problem then. The 'ASN1_d2i_bio:not enough
> data' error persists.
>
If you are parsing the result from a memory BIO then you have to tell it to
signal EOF when the BIO empties.
You do that with: BIO_set_mem_eof_return(bio,
On Tue, Apr 26, 2005, Eddy Tan wrote:
> Hi,
>
> Is it true that openssl´s missing something crucial on the
> header ´Content-Type:´ when creating smime message?
> Doing below command:
>
> openssl smime -encrypt -des3 -from '[EMAIL PROTECTED]' \
> -to '[EMAIL PROTECTED]' -subject 'test' \
> -in /
On Tue, Apr 26, 2005, Suram Chandra Sekhar wrote:
> Hi All,
>
> How do I add an IPv6 address to sub-alt name in a certificate. Does
> Openssl support ipv6 in certificates.
>
This is supported in OpenSSL 0.9.8-dev. See:
http://www.openssl.org/docs/apps/x509v3_config.html#Subject_Alternative_N
On Tue, Apr 26, 2005, Calista wrote:
> Hi,
>
> How can I free the memory allocated by
>
> distributionpts = X509_get_ext_d2i(x509,
> NID_crl_distribution_points, NULL, NULL)
>
> when I am getting the CRL distribution points?
>
You use the appropriate *_free() function. For CRLDP it is
Hi all,
I'm new in OpenSSL code, and I'm trying to connect to an https server using the following code: GFX_ASSERT(_conn != NULL);
int rc = SSL_connect(_conn);
if (rc == -1) { Http::logger()->logError(BSERR_STD_INTERNAL, 0, "SSL: Couldn't connect (rc=%ld, ssl-rc=%ld) Error in soc
Prashant Sodhiya wrote:
Hi All,
pls help in setting up PKI environment in unix.
i've downloaded "openssl-0.9.7f" configured /installed it.
Now how should i proceed...(configuring CA, generating certificates etc)
i tried this >>
*/usr/local/ssl/bin/openssl ca*
and got these errrors :-(
Using configu
Thanks. I guess that's not a problem then. The 'ASN1_d2i_bio:not enough
data' error persists.
- John.
From: Eduardo Schettino <[EMAIL PROTECTED]>
Reply-To: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: SMIME_read_PKCS7 error
Date: Tue, 26 Apr 2005 07:53:11 -0300
Hi ,
John
> I am trying to build Apache with SSL support, and so I compiled OpenSSL
> 0.9.7g using gcc 2.95.3 on a Solaris 9 system.
...
> However, when I try to run Apache (either ./apachectl start or ./httpd
> -), I am getting an error, something like:
>
> "Cannot load /usr/local/apache2/module/m
What about during runtime? That variable is used by "ld" to find
various shared libraries at runtime. It's generally not used during
compile time unless your makefile uses it for the compiler's -L option.
On Apr 26, 2005, at 12:06 AM, ohaya wrote:
Joe,
Sorry. I mis-typed it in my msg. I actual
Hi All,
pls help in setting up PKI environment in unix.
i've downloaded "openssl-0.9.7f" configured /installed it.
Now how should i proceed...(configuring CA, generating certificates etc)
i tried this >>
/usr/local/ssl/bin/openssl ca
and got these errrors :-(
Using configuration from /us
What I think what you need to do is to replace the normal message body
with one that is mime encoded.
if you need a command line why to build mime files you could try
something like mpack.
- Perry
Eddy Tan wrote:
Hi all,
anyone knows how to send s/mime with file attachment?
It´s pretty simple t
Hi All,
pls help in setting up PKI environment
in unix.
i've downloaded "openssl-0.9.7f"
configured /installed it.
Now how should i proceed...(configuring
CA, generating certificates etc)
thnx in advance
Prashant
Hi,
How can I free the memory allocated by
distributionpts = X509_get_ext_d2i(x509,
NID_crl_distribution_points, NULL, NULL)
when I am getting the CRL distribution points?
Thanks.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the be
Hello,
I am running fedora core 3 and trying to install openssl
0.9.7g. I am using gcc version 4.0.0 20050308, and GNU ld version
2.15.94.0.2 20041220.
using ./config no-asm shared
I get a huge list of errors similar to the following:
libcrypto.a(co86-elf.o)(.text+0x8c0)
Thanks for the suggestion.
I think we also need to decrement num_crls otherwise
we will exceed the array boundary.
Thanks again.
--- Tan Eng Ten <[EMAIL PROTECTED]> wrote:
> How abt adding decreasing the iterator (i--) in the
> if-block so it looks
> like:
>
>
> > for(i=0; i < num_crls
line 55 of crypto\comp\c_zlib.c defines Z_CALLCONV as _stdcall, yet the
default calling convention for zlib 1.2.2 is _cdecl (well, it's actually not
sepcified, which == compiler default, which in VC == _cdecl) see line 210
of zonf.h.
so either Z_CALLCONV has to be changed to blank/undefined/_c
Hi,
My application loads a symmetric key stored in a binary file. I'd
like to add a password in this file for more security. It's a little
software and I will not work with databases. The big problem is how to
link a password to a key without use a database...
Thanks in advance,
Raf
Is there any expectation that openssl will be enhanced in the near future to
support the current CMS specification which I think is RFC3852? If
possible retaining support for the old PKCS#7 "Signed and Enveloped" message
format?
TIA
Dave
Hi ,
John take a look at the function "multi_split" in /crypto/pkcs7/pk7_mime.c .
...
/* Strip CR+LF from linebuf */
next_eol = strip_eol(linebuf, &len);
if(first) {
first = 0;
if(b
Hi All,
How do I add an IPv6 address to sub-alt name in a certificate. Does
Openssl support ipv6 in certificates.
Regards
Suram
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hi,
Is it true that openssl´s missing something crucial on the
header ´Content-Type:´ when creating smime message?
Doing below command:
openssl smime -encrypt -des3 -from '[EMAIL PROTECTED]' \
-to '[EMAIL PROTECTED]' -subject 'test' \
-in /tmp/body.txt -out /tmp/last.enc user_cert.pem
Results i
hi there
courier-imap: 4.0.2
openssl: 0.9.7g
im trying to compile courier imap with ssl support. but i get following
error while compiling:
my main question is: does this error occurs because of a wrong installed
openssl - or is it a courier imap problem?
-
libcouriertls.c: In Funktion »get
Joe,
Sorry. I mis-typed it in my msg. I actually set it to
/usr/local/openssl/lib when I did the build/compile.
Jim
Joseph Bruni wrote:
>
> Just a shot in the dark, but shouldn't your LD_LIBRARY_PATH be set to
> /usr/local/openssl/lib?
>
> (I appended the "lib" part).
>
> -Joe
>
> On Ap
38 matches
Mail list logo