Try this
openssl smime -verify -in Assinador.tar.gz.pkcs7 -inform DER -content
Assinador.tar.gz -signer signer_certificate.pem -noverify
- Original Message -
From: "Andreas Hasenack" <[EMAIL PROTECTED]>
To:
Sent: Thursday, July 14, 2005 10:49 PM
Subject: How to verify a pkcs7 detached s
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Michael Sierchio
>Sent: Wednesday, July 13, 2005 1:26 PM
>To: openssl-users@openssl.org
>Subject: Re: Algorithm licensing
>
>
>Ted Mittelstaedt wrote:
>
>> Actually, regardless of the cipher you use, unless
Hey can you try setting verify depth to Zero and not pointing to any CA cert
i.e SSLCACertificatePath pointing to null?
Thanks
--Gayathri
> Hi Again.,
>
> This is what I found from the "log" file you sent..is this pointing to the
> same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
>
> debug] ss
Hi Again.,
This is what I found from the "log" file you sent..is this pointing to the
same CA cert "itcilo-ca.crt, I put it in ssl.crt" ?
debug] ssl_engine_init.c(1112): CA certificate:
/C=IT/ST=Piemonte/L=Turin/O=ITCILO/OU=MIS/CN=ITCILO
CA/[EMAIL PROTECTED]
[Wed Jul 13 11:48:34 2005] [debug] ssl
> This is a follow on from my last post as the text lost its formatting.
>
> How do I change the utc time of a certificate to a smaller format
> (whilst creating a cert):
> 18082107Z - there are lots of zeros in this format, openssl
> gives less.
There is never more than one way to re
Sorry, the last command shoud have a -outform DER added to it, if you
want your ca in der format.
Anyway, to create a ca is fairly similar to previous versions, the only
thing I have noticed (I am using windows) is that the perl stuff does
not work (but I did not put mcuh time into trying to m
I think I can help you with PC certs - I am having trouble with phone
certs though :(
openssl genrsa -out ca.key 1024 (or whatever size key you want) you can
also chose dsa or dsa1 etc
and
openssl req -new -x509 -key ca.key -out cacert.pem -config [the name of
the config file] - you can als
Reinhard Haller wrote:
[EMAIL PROTECTED] 12.07.2005 21:44 >>>
Reinhard Haller wrote:
I want to create certificates with 2 subject alternative names:
email
employee-number
The emailAddress is not part of the subject distiguished name.
Perhaps you could apply my patch from ticket 1050.
That
1. http://www.iti.br/twiki/pub/Main/PressRelease2005Jun28A/Assinador.tar.gz
2.
http://www.iti.br/twiki/pub/Main/PressRelease2005Jun28A/Assinador.tar.gz.pkcs7
[2] is supposed to be a detached signature for [1], how can this be
verified with an openssl command? I was able to extract the certificate
One thing that seems to work after running Configure is to swap
"-bpowerpc64-linux" with "-m64" in the toplevel Makefile.
Kent
On 7/14/05, Kent Yoder <[EMAIL PROTECTED]> wrote:
> Hi, on RHEL4 ppc64 I am getting the same message while building both
> 0.9.7g and 0.9.8:
>
> [EMAIL PROTECTED] opens
An addition:
The phone surely cannot have the private keys (of all the major
certificate companies) so, it has to be something to do with the format
of the cert. For those who read my earlier posts, I have added the first
2 bytes of certs on the phone (signalling whether it is a v1 or v3
cert
Hi, on RHEL4 ppc64 I am getting the same message while building both
0.9.7g and 0.9.8:
[EMAIL PROTECTED] openssl-0.9.7g]#./Configure linux-ppc64 shared
...
Configured for linux-ppc64.
[EMAIL PROTECTED] openssl-0.9.7g]# make
making all in crypto...
make[1]: Entering directory `/root/openssl-0.9.7
Ignore my last post - I forgot the extra 0s are the hhdd etc...
But I am having a problem - I have deleted all files on my phone, but I
cannot get it to accept my certificates. If I add just one of the old
certificates and then mine, it will be "recognized" - but only as part
of the old one (
On Wed, Jul 13, 2005, Manuel Gil Perez wrote:
> Hi all,
>
> I have a C++ application that uses OpenSSL as cryptographic library and I
> need to create a new OID which will be used in my application.
>
> The definition will be as follows:
>
> #define SN_id_ct_scvp_certValRequest "id-ct-scvp-
Thanks.
David Schwartz wrote:
I am having a lot of problems importing a certificate made in openssl
into a phone, but I can get a keytool certificate imported. The only
thing is that I need to change the V1 cert (keytool only makes V1) to a
V3 cert - can openssl modify a cert to a V3 (without c
This is a follow on from my last post as the text lost its formatting.
How do I change the utc time of a certificate to a smaller format
(whilst creating a cert):
18082107Z - there are lots of zeros in this format, openssl gives less.
Also, how do I add a friendly name object - I have trie
Hi,
I am still stuck on the phone cert creation, but I am inching closer!
How do I generate a cert with only the below data to be included in the
certs? What should be openssl.cnf have? What should be my genrsa be? and
do I need to do anything else? I have attached the asn1parse output of
the
> I am having a lot of problems importing a certificate made in openssl
> into a phone, but I can get a keytool certificate imported. The only
> thing is that I need to change the V1 cert (keytool only makes V1) to a
> V3 cert - can openssl modify a cert to a V3 (without changing anything
> else)?
Hi,
I'm new to OpenSSL, and I'm hoping someone can tell me the easiest/best way
to parse an email address from a X509 V3 client email cert.
Any suggestions would be appreciated.
Thanks,
Thomas
__
OpenSSL Project
>>> [EMAIL PROTECTED] 12.07.2005 21:44 >>>
>Reinhard Haller wrote:
>> Hi,
>>
>> I want to create certificates with 2 subject alternative names:
>> email
>> employee-number
>>
>> The emailAddress is not part of the subject distiguished name.
>>
>Perhaps you could apply my patch from ticket 1050.
Dear Steven,
you're right.
MS VC5 compiler can't compile (at least portions of) openssl 0.9.8, but
MS VC6 compiler does.
Thank you!
Steven Reddie wrote:
> That error message tends to occur when the code is too complicated for the
> compiler. You may be able to avoid the error by rearranging th
Hi, I´m new to OpenSSL 0.9.8. I was using 0.9.7with mod_ssl version
about 2 weeks since yesterday. (everything in Win32,and works I
promise :) )
1.- In 0.9.7 version, i could do my own certificate with:
perl ca.pl -newca (and then, i filled all i need)
But in 0.9.8 it has been some changes that
22 matches
Mail list logo
