RE: Trust and Key management

2011-01-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Karthik Ravikanti > Sent: Tuesday, 11 January, 2011 00:44 > Does OpenSSL provide any API for managing a trust store and a key store like Java? Not in the same way at least. OpenSSL most easily uses certs and keys (and related

RE: problem verifying certificate

2011-01-11 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Ron Arts > Sent: Tuesday, 11 January, 2011 17:52 > I just renewed my Thawte webserver certificate. This > certificate seems to work fine > with various browsers I tried, but curl, wget on CentOS > 5.5 are not able to verify it: > I followe

Re: problem verifying certificate

2011-01-11 Thread Victor Duchovni
On Tue, Jan 11, 2011 at 11:51:47PM +0100, Ron Arts wrote: > I just renewed my Thawte webserver certificate. This certificate seems to > work fine with various browsers I tried, but curl, wget on CentOS 5.5 > are not able to verify it: Browsers often have a fairly large set of trusted roots an

problem verifying certificate

2011-01-11 Thread Ron Arts
Hello, I just renewed my Thawte webserver certificate. This certificate seems to work fine with various browsers I tried, but curl, wget on CentOS 5.5 are not able to verify it: curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET

Re: [openssl-users] Re: How to disable index and serial?

2011-01-11 Thread Erwann ABALEA
On 11 January 2011, Peter Sylvester wrote: > by using the command x509 and not ca for example. > you can use a serial number based on a date > seconds plus processid for example) to guarantee > uniqueness. More on this. A serial number MUST be unique (by X.509 design), and SHOULD be random

Re: FIPS and OpenSSL-1.0.0

2011-01-11 Thread Steve Marquess
Henrik Grindal Bakken wrote: ... Because the 1.0.x releases don't have any support for FIPS, they don't implement the FIPS-mandated tests. OpenSSL can't help with prevalidation now, since its FIPS-validated mode fails new validation standards compliance in some manner. You're probably already

Re: How to disable index and serial?

2011-01-11 Thread Peter Sylvester
On 01/11/2011 05:50 PM, Dominique Lohez wrote: Fredrik Strömberg wrote: Hello, I want to sign a certificate without using the index or serial files. Can someone tell me how to disable them? by using the command x509 and not ca for example. you can use a serial number based on a date second

Re: openssl fips cross compilation 1.2.2

2011-01-11 Thread blaander
> > I've previously been trying to cross compile openssl-fips version 1.2 for > > my MIPS target, following the guidance in the user's guide, security > > policy, and this mailing list. I don't see a crossbuild patch for version > > 1.2.2, nor any instructions in the 1.2.2 documentation. I'm

Re: How to disable index and serial?

2011-01-11 Thread David Schwartz
On 1/11/2011 7:02 AM, Fredrik Strömberg wrote: (For the curious: I don't need serial because I only identify with CN, and I don't need a database because I will never revoke any certificates.) The problem is, everybody else identifies by serial. So unless you don't plan to interoperate with a

Re: How to disable index and serial?

2011-01-11 Thread Dominique Lohez
Fredrik Strömberg wrote: Hello, I want to sign a certificate without using the index or serial files. Can someone tell me how to disable them? Not using -config makes openssl use the compiled default, and using my own while commenting out "database" and "serial" gives me the error "variable

Re: How to disable index and serial?

2011-01-11 Thread Fredrik Strömberg
On Tue, Jan 11, 2011 at 4:40 PM, Eisenacher, Patrick wrote: > Hi Frederik, > >> -Original Message- >> From: Fredrik Strömberg >> >> I want to sign a certificate without using the index or serial files. >> Can someone tell me how to disable them? > > you can't. But why would you care about

RE: How to disable index and serial?

2011-01-11 Thread Eisenacher, Patrick
Hi Frederik, > -Original Message- > From: Fredrik Strömberg > > I want to sign a certificate without using the index or serial files. > Can someone tell me how to disable them? you can't. But why would you care about openssl internals? Just generate your certificates and fine. > Not usi

How to disable index and serial?

2011-01-11 Thread Fredrik Strömberg
Hello, I want to sign a certificate without using the index or serial files. Can someone tell me how to disable them? Not using -config makes openssl use the compiled default, and using my own while commenting out "database" and "serial" gives me the error "variable lookup failed for CA_default::

Re: FIPS and OpenSSL-1.0.0

2011-01-11 Thread Henrik Grindal Bakken
aerow...@gmail.com writes: > On Mon, Dec 27, 2010 at 6:47 AM, Henrik Grindal Bakken > wrote: >>> 3) obtaining your own from-scratch validation starting with the >>> 1.0.0 baseline.  Good luck with that, you have a long row to hoe. >> >> We're going for 3), but as I said, our crypto module is not