RE: Problem with ecdsa

2007-03-19 Thread Jürgen Heiss
Hi Nils, Maybe there was really something wrong with this xml file. But I have another xml file which was also signed with ecdsa. The signature value is <dsig:SignatureValue>Xa4w7I1obBULyZoZRuq5UHIwQVle8NmugYafWWaOU+GoWgp2e745PA7DTT0xztaH</dsig:SignatureValue> And the result with BIO_f_base64()

Re: Self-Signed Certificate - Windows Vista

2007-03-19 Thread Ted Mittelstaedt
please post the steps you did to create the self-signed cert Ted - Original Message - From: Mike Koponick To: openssl-users@openssl.org Sent: Thursday, March 15, 2007 1:09 PM Subject: Self-Signed Certificate - Windows Vista Hello,

How i create a Ca

2007-03-19 Thread legolas

How i create a Ca Ca

2007-03-19 Thread legolas

Re: How i create a Ca

2007-03-19 Thread Vincenzo Sciarra
Use CA.pl tool 2007/3/19, legolas [EMAIL PROTECTED]: -- View this message in context: http://www.nabble.com/How-i-create-a-Ca-tf3425581.html#a9547887 Sent from the OpenSSL - User mailing list archive at Nabble.com. __

How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread legolas
Hi Thank you for reading my post. Can someone please tell me whether what I think is correct or not and then give me some help to complete what I am intending to complete? Each user in a system can have a digital certification. These digital certifications can be generated using techniques mentioned

Re: How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread Vincenzo Sciarra
Step 1) locate CA.pl script Step 2) Understand use of CA.pl (./CA.pl --help) CA.pl creates a new CA, signs a self-signed certificate and signs user certificates. I think it's what you need. 2007/3/19, legolas [EMAIL PROTECTED]: Hi Thank you for reading my post. Can someone please tell me

Re: How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread Arsen Hayrapetyan
Hi, I would suggest using CSP - a perl wrapper for OpenSSL - to set up your CA: http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026a=3290 You can download the source using CVS (see http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1025). CSP is quite easy to use, at least, to get started. Here is the

RE: Problem with ecdsa

2007-03-19 Thread Jürgen Heiss
Does really no one have any idea? -Original Message- From: Jürgen Heiss Sent: Montag, 19. März 2007 08:41 To: 'openssl-users@openssl.org' Subject: RE: Problem with ecdsa Hi Nils, Maybe there was really something wrong with this xml file. But I have another xml file which was also

Re: How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread legolas
Thank you for your comments. I delete the demoCA and then I create a CA using ca.pl. It creates the CA in the default folder (I did not edit the pl file to change the folder). My question is: How can I sign some certification using this new CA? What if I create my CA in some other folders, how

Re: Question about Partitioned CRLs; how to split a CRL?

2007-03-19 Thread domi
As long as nobody could help me I continued my search on my own and found the following http://tools.ietf.org/html/draft-ietf-pkix-ocdp-00 In chapter 3 you can find: …Examples of CRL partition scopes are: (1) All of the certificates of a CA with serial numbers between 10,000 and 19,999

how i can convert a pem file to a cer file using openSSL?

2007-03-19 Thread legolas
Hi Thank you for reading my post. How can I convert a pem file to a cer file in openSSL? thanks

Re: How I create a Ca Certification and sign my own keys using that cert?

2007-03-19 Thread Vincenzo Sciarra
CA.pl --newreq Create a new request of signature CA.pl --sign Sign request with CA information (the default CA created with CA.pl tool) CA.pl tool takes information from openssl.cnf. You can change folders in the tool as you like. CA.pl -verify is the tool to verify that everything is

Re: how i can convert a pem file to a cer file using openSSL?

2007-03-19 Thread Vincenzo Sciarra
openssl x509 -in mykey.pem -inform PEM -out mykey.der -outform CER 2007/3/19, legolas [EMAIL PROTECTED]: Hi Thank you for reading my post. How i can convert a pem file to a cer file in openSSL? thanks -- View this message in context:

Re: how i can convert a pem file to a cer file using openSSL?

2007-03-19 Thread Victor Duchovni
On Mon, Mar 19, 2007 at 12:58:22PM +0100, Vincenzo Sciarra wrote: openssl x509 -in mykey.pem -inform PEM -out mykey.der -outform CER That would be: ... -outform DER not ... -outform CER -- Viktor.

Re: how i can convert a pem file to a cer file using openSSL?

2007-03-19 Thread Vincenzo Sciarra
Yes, sorry my error 2007/3/19, Victor Duchovni [EMAIL PROTECTED]: On Mon, Mar 19, 2007 at 12:58:22PM +0100, Vincenzo Sciarra wrote: openssl x509 -in mykey.pem -inform PEM -out mykey.der -outform CER That would be: ... -outform DER not ... -outform CER --

RE: Make install fails for the FIPs module on Solaris 10

2007-03-19 Thread Bill Colvin
Ron: You need to determine why most of your object files are not being found, for example /var/tmp/openssl-fips-1.1.1/crypto/aes/aes_cbc.o It should exist after the make, but it would appear that it is not there when you are doing the make install. With regard to your question on SSH, it was

[no subject]

2007-03-19 Thread Michael Fedor
I'm lost on how to bring in Certs from Network Solutions.. I'm trying to get TLS running TRUSTED. My OS redhat..and one of the problems TLS is working from inside to out but anyone replying command unknown STARTTLS=client, relay=mail.sterlingsavings.com., version=TLSv1/SSLv3, verify=FAIL,

ssl cert bring in after csr was send.. howto

2007-03-19 Thread Michael Fedor
I'm lost on how to bring in Certs from Network Solutions.. I'm trying to get TLS running TRUSTED. My OS redhat..and one of the problems TLS is working from inside to out but anyone replying command unknown STARTTLS=client, relay=mail.sterlingsavings.com., version=TLSv1/SSLv3, verify=FAIL,

Re: ssl cert bring in after csr was send.. howto

2007-03-19 Thread Victor Duchovni
On Mon, Mar 19, 2007 at 10:40:18AM -0400, Michael Fedor wrote: They send me 4 files 1 AddTrustExternalCARoot.ca trust root 2 UTNAddTrustServer_CA.crt intermediate ca 3 NetworkSolutions_CA.crt intermediate ca 4 (domain) ther.comdomain cert If they are your CA, it seems

Re: ssl cert bring in after csr was send.. howto

2007-03-19 Thread Michael Fedor
I created that...just to get ssl/tls working how and what do I do with the files they sent me Thanks On 3/19/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Mon, Mar 19, 2007 at 10:40:18AM -0400, Michael Fedor wrote: They send me 4 files 1 AddTrustExternalCARoot.ca trust root 2

Re: ssl cert bring in after csr was send.. howto

2007-03-19 Thread Victor Duchovni
On Mon, Mar 19, 2007 at 10:58:19AM -0400, Michael Fedor wrote: I created that...just to get ssl/tls working how and what do I do with the files they sent me Ensure that all 4 files are in PEM format. For each file try: openssl x509 -in type_name_of_file_here -noout -issuer -subject if

RE: Problem with ecdsa

2007-03-19 Thread Jürgen Heiss
I tried another xmlfile. <dsig:SignatureValue>Xa4w7I1obBULyZoZRuq5UHIwQVle8NmugYafWWaOU+GoWgp2e745PA7DTT0xztaH</dsig:SignatureValue> When I decode this SignatureValue with the following function char *unbase64(unsigned char *input, int length) { BIO *b64, *bmem; char *buffer = (char

Re: ssl cert bring in after csr was send.. howto

2007-03-19 Thread Michael Fedor
Thanks I made newcert.pem (that's not to replace the cacert is it) append the private key to newcert.pem?? I have a cakey newkey(newreq) Thanks Mike On 3/19/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Mon, Mar 19, 2007 at 10:58:19AM -0400, Michael Fedor wrote: I created that...just to

Re: ssl cert bring in after csr was send.. howto

2007-03-19 Thread Michael Fedor
Thanks Victor for your help STARTTLS=server, error: SSL_CTX_check_private_key failed(/demoCA/serverkey.pem) the new cert I called serverkey.pem how do I create the key for this file Mike On 3/19/07, Victor Duchovni [EMAIL PROTECTED] wrote: On Mon, Mar 19, 2007 at 10:58:19AM -0400, Michael

Re: sigbuf parameter of RSA_verify

2007-03-19 Thread James Walker
Nils Larsch wrote: James Walker wrote: I'm wondering why the sigbuf parameter of RSA_verify is declared as unsigned char* rather than const unsigned char*. It's not going to change the signature, is it? it should not change the signature input and in openssl = 0.9.8 it is const. Thanks!

RE: Self-Signed Certificate - Windows Vista

2007-03-19 Thread Mike Koponick
Here are the steps I used to create the cert: I removed some information to protect the innocent. Thanks! Mike openssl genrsa -des3 -out portal-server.key 1024 openssl req -new -key portal-server.key -out portal-server.csr Using configuration from /usr/share/ssl/openssl.cnf

RE: Make install fails for the FIPs module on Solaris 10

2007-03-19 Thread Maltz, Ron
Hi Bill, Thanks for responding. To make sure I didn't screw things up, I untarred the openssl-fips-1.1.1 tarball again, and ran through the config, make, make test, and make install. The make install still fails the same way. However, from what I can see, all the object files do exist. Using

RE: Make install fails for the FIPs module on Solaris 10

2007-03-19 Thread Maltz, Ron
One other item which may help: the documentation says that the make install is supposed to install four files. Three of them exist: fipscanister.o, fipscanister.o.sha1, and fips_premain.c. However, the fourth, fips_premain.c.sha1, doesn't exist. Instead I have fips_premain.dso. Is this a

SSL_CTX_check_private_key

2007-03-19 Thread Michael Fedor
What should I check and where STARTTLS=server, error: SSL_CTX_check_private_key failed(/demoCA/newkey.pem): 0

Re: SSL_CTX_check_private_key

2007-03-19 Thread Marek Marcola
Hello, What should I check and where STARTTLS=server, error: SSL_CTX_check_private_key failed(/demoCA/newkey.pem): 0 This means that your public part of private key (n,e) does not exist in certificate you provided. In other words, your certificate is not from your private key. Best regards, --

RE: Make install fails for the FIPs module on Solaris 10

2007-03-19 Thread Bill Colvin
Ron: This may be a long shot, but have you tried it by leaving out the make test step. It is not in the recommended steps for building the FIPS version of OpenSSL in either the Security Policy or the User Guide. I have always used: ./config fips make make install

Re: Problem with ecdsa

2007-03-19 Thread Nils Larsch
Nils Larsch wrote: Moin Jürgen, Jürgen Heiss wrote: Hi everybody, I try to verify a xml file which was signed with ecdsa-sha1. I already read to SignatureValue from the xmlfile. which is. 724PlFGHTTL1cFlLFU6g6UetcPVBEAN6oNpogAUx3rgELFH86gA+NqvjVf316zek are you _really_ sure that this is

Can OpenSSL use the Linux crypto API?

2007-03-19 Thread Shane McDonald
Hello: I'm sorry if this information can be found elsewhere, but I haven't been able to find it. I have a hardware acceleration engine on a board for which I've got a Linux device driver, but I don't have an OpenSSL driver for the engine. Is it possible to configure OpenSSL to use the

RE: Can OpenSSL use the Linux crypto API?

2007-03-19 Thread Shane McDonald
Thanks, Victor. It looks like OCF-Linux is exactly what I'm looking for. I had run across OCF in my googling, but thought it was for OpenBSD, and obviously hadn't looked into it far enough. Shane On Monday, March 19, 2007 4:00 PM, Victor Duchovni wrote: On Mon, Mar 19, 2007 at 02:28:57PM

Re: Can OpenSSL use the Linux crypto API?

2007-03-19 Thread Richard Levitte - VMS Whacker
In message [EMAIL PROTECTED] on Mon, 19 Mar 2007 14:28:57 -0800, Shane McDonald [EMAIL PROTECTED] said: Shane_McDonald I have a hardware acceleration engine on a board for Shane_McDonald which I've got a Linux device driver, but I don't have Shane_McDonald an OpenSSL driver for the engine. Is

Segfault inside BIO_ctrl

2007-03-19 Thread Tommy W
#0 0x08081361 in BIO_ctrl () #1 0x0815fac0 in ?? () #2 0x08051a88 in ?? () #3 0xbf9a4e98 in ?? () #4 0x0805ad6e in SSLwrapper::ProcessBuffers (this=0xb7fdb480, [EMAIL PROTECTED], read=false, write=false) at SSLwrapper.cpp:34 Previous frame inner to this frame (corrupt stack?) I get that