Richard Hartmann wrote:
> I am replying to myself to clarify somthing which I should have put
> better:
>
> I want to run my own CA, not buy certificates from established ones.
You said "CA packages", you didn't say something to the effect of
"use a retail Certificate Authority". So at least som
Hi,
My requirement is to write to a new engine that will be loaded by an
application for its crypto functionalities. The engine shall
communicate with the smart card for encryption/ decryption, and
digital signature.
I have no clue how to start with. Is there any documentation available
regarding
On Wed, Sep 19, 2007 at 04:09:29PM -0500, Murphy, David F wrote:
> From what I can tell the extensions are just not being added to my
> certificate.
>
> I see no indication the extensions were added in the output of the
> following command ...
>
> [EMAIL PROTECTED]:Active] ssl.crt # openssl x509
>From what I can tell the extensions are just not being added to my
certificate.
I see no indication the extensions were added in the output of the
following command ...
[EMAIL PROTECTED]:Active] ssl.crt # openssl x509 -in
btesting.bx05.com.crt -noout -text
Certificate:
Data:
Version:
I am replying to myself to clarify somthing which I should have put
better:
I want to run my own CA, not buy certificates from established ones.
Sorry for asking a misleading question :/
Richard
__
OpenSSL Project
Hello, All,
is anybody experienced the following error:
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
mac
thank you for any help in advance.
Richard
-
Check out the hottest 2008 models today at Yahoo! Auto
I ran the following command,
openssl x509 -text -in certname.crt
but I do not see any of the subjectAltNames from my config file. Is
this the correct command to see the names in the cert?
I am not getting an error, per say, but a common IE warning message
about, "invalid or does not match" wh
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rodney Thayer
Sent: Thursday, September 13, 2007 7:47 PM
To: openssl-users@openssl.org
Subject: Re: Are there any CA packages that support XMLRPC?
Richard Hartmann wrote:
> On 13/09/2007, Rodney Thayer <[EM
On Wed, Sep 19, 2007 at 08:01:28AM -0700, David Schwartz wrote:
>
> > So could someone guide me with the best practices used in such scenarios?
> > Is there a way to securely embed the private key in the installers / CA
> > certificate?
>
> I guess I'm confused. What purpose would a certificate
> Once I purchase a trusted certificate, I was assuming both of these
> warnings would be removed; I thought a SAN-certificate would allow me to
> connect to the website using alternative names without getting the
> "invalid or does not match" warning.
>
> Thanks,
>
> David
What error are you get
> So could someone guide me with the best practices used in such scenarios?
> Is there a way to securely embed the private key in the installers / CA
> certificate?
I guess I'm confused. What purpose would a certificate serve if anyone can
generate one that serves any purpose?
If I can generate
I can't allow our "production" users to get "invalid certificate" errors
nor do I want to affect my clients with redirection requests. I am also
helping our Exchange2007 folks with the autodiscovery function and the
MS docs recommend a SAN-certificate for these very reasons. In my test
environmen
Hello,
> As far as I could see the ASN.1 is used basically to calculate the
> size of the signature (at least on the ecdsa side). So if I know
> exactly the size of the signatures then I can only remove the use of
> the ASN.1?
ECDSA functions works in general on BIGNUM's (packed in some structures)
Hi, Marek,
Marek Marcola <[EMAIL PROTECTED]> wrote:
> Hello,
> > Is it possible to implement ECDSA and ECICS using OpenSSL? I did not
> > find anything in the documentation or the man pages, although I was
> > told that OpenSSL is capable of elliptic curve cryptography which had
> > been donated
Hello,
>
> I am sorry to write you directly but I have posted my question twice
> on the openssl site and for some reason it never get published.
> I would like to use only the ECDSA, is there any simple way to compile
> it alone (ofcourse with the modules it's using).
> I have tried doing it manu
Marek: I suspect Markus is referring to ECIES (Elliptic Curve
Integrated Encryption Scheme) as specified in ANSI X9.63 and the IEEE
P1363a Draft.
Bill
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: September 19, 2007 7:35 AM
To: open
Hi, Marek,
Marek Marcola <[EMAIL PROTECTED]> wrote:
> > Does that mean that ECICS is not implemented yet?
> What is ECICS ? I can not find any information :-(
> I'm sure OpenSSL implements generic EC algorithms, ECDSA and ECDH
Sorry, that was a typo, I meant ECIES, of course.
It seems that I sp
adding that "&& 0" got the compiler to continue .. i got another error a
bit later though
could it be my system being a bit messed up ?
those problems seem really fishy to me
/usr/bin/ld: skipping incompatible /usr/bin/../lib/libdl.so when
searching for -ldl
/usr/bin/ld: skipping incompatible
Hi,
Is it possible to give answer of "Sign the certificate? [y/n]:"question to
openssl command with some parameters? I prefer "y" option.
Does openssl accepts "y" option with the following command by default?
openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem -infiles
new-req
Hello,
> Marek: I suspect Markus is referring to ECIES (Elliptic Curve
> Integrated Encryption Scheme) as specified in ANSI X9.63 and the IEEE
> P1363a Draft.
OK, thank you for information.
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
Hi Marek,
First I would like to thank you for your quick reply.
I just have one more small question :)
As far as I could see the ASN.1 is used basically to calculate the size of
the signature (at least on the ecdsa side). So if I know exactly the size of
the signatures then I can only remove the u
Hello,
> Is it possible to give answer of "Sign the certificate?
> [y/n]:"question to openssl command with some parameters? I prefer "y"
> option.
>
> Does openssl accepts "y" option with the following command by default?
>
> openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.pem
>
Hello,
> > > Is it possible to implement ECDSA and ECICS using OpenSSL? I did not
> > > find anything in the documentation or the man pages, although I was
> > > told that OpenSSL is capable of elliptic curve cryptography which had
> > > been donated by sun.
> > Elliptic curves are in OpenSSL 0.9.8
Hello,
> I solved the problem. I used "-batch" parameter with openssl with the
> following command. Now I wonder what is the answers of the questions
> (Sign the certificate? [y/n]:"). How can I learn which option [y/n]
> (yes/no) is used?
In OpenSSL source file apps/ca.c look at 'batch' variable,
Hi,
I solved the problem. I used "-batch" parameter with openssl with the following
command. Now I wonder what is the answers of the questions (Sign the
certificate? [y/n]:"). How can I learn which option [y/n] (yes/no) is used?
openssl ca -batch -key 123456 -config openssl.cnf -out new-cert.p
Hi Marek,
I am sorry to write you directly but I have posted my question twice on the
openssl site and for some reason it never get published.
I would like to use only the ECDSA, is there any simple way to compile it
alone (ofcourse with the modules it's using).
I have tried doing it manually, but
Hello,
> Is it possible to implement ECDSA and ECICS using OpenSSL? I did not
> find anything in the documentation or the man pages, although I was
> told that OpenSSL is capable of elliptic curve cryptography which had
> been donated by sun.
Elliptic curves are in OpenSSL 0.9.8e version.
EDCSA is
Hi,
Is it possible to implement ECDSA and ECICS using OpenSSL? I did not
find anything in the documentation or the man pages, although I was
told that OpenSSL is capable of elliptic curve cryptography which had
been donated by sun.
Btw, are there any patent implications?
Thanks,
Markus
--
Mar
Hi,
I tried the following command. But this command asks some questions ( for
instance it asks me "Sign the certificate? [y/n]:" question) and waits for
answer from me. I want to answer this questions with openssl command
automatically. Is this possible?
# openssl ca -key 123456 -config open
Hello,
> When I run the following command, it doesn' t ask me question about
> signing. But I have to press enter button two times. I want to press
> only once to enter button. This command creates emtpy new-cert.pem
> file and it does not add information to demoCA/index.txt file. Is the
> followin
Hi,
When I run the following command, it doesn' t ask me question about signing.
But I have to press enter button two times. I want to press only once to enter
button. This command creates emtpy new-cert.pem file and it does not add
information to demoCA/index.txt file. Is the following command
I thing I have finally found where the problem is. When the TCP connection is
interrupted (pulling out network cable) there are some timeouts set for TCP
connection. Defaultly on LINUX systems, theese configuration items, that sets
TCP timeouts are in /proc/sys/net/ipv4/[tcp_keepalive_...]. I h
Hello everyone,
I have a server application that will use Openssl to communicate with its
clients over SSL secured channel.
This server requires a unique signed server certificate.
I plan to use my personal CA to issue these server certificates.
Now for the ease of deployment, I plan to create s
33 matches
Mail list logo