Hi!
I'm from Vietnamese, my name Bin. I install openTSA complete but when I was
editing tsa.conf file. I can't know how to create TSACertificate,
TSACertificateChain, TSAKey files. I'm newbize. pls help me create then with
openssl ts! Thank You very much!
Sorry for spoor my English.
--
#cat
CA certificates, i.e. root.crt goes in to the cacerts file.
Cheers,
Tomas
http://www.ejbca.org/
On 03/29/2011 09:26 PM, David Patricola wrote:
I’ve found plenty of google results but I am having a disconnect with
the install. My server has it’s own server.crt, server.key and root.crt
Ok thanks. It works now. I use these functions :
-- to obain public key :
X509 *myCert = SSL_get_certificate(cli_ssl);
EVP_PKEY *pubkey = X509_get_pubkey(myCert);
-- to obtain private key :
EVP_PKEY *privkey = SSL_get_privatekey(cli_ssl);
Then to sign and verify:
RSA_sign(NID_sha1, md1,
I 'd like to know to if these calls are correct :
RSA_sign(NID_sha1, md1, md1_len, u_sigret, siglen, privkey-pkey.rsa)
RSA_verify(NID_sha1, md1, md1_len, u_sigret, siglen, pubkey-pkey.rsa)
knowing that :
int RSA_sign(int type, unsigned char *m, unsigned int m_len, unsigned char
*sigret, unsigned
On 03/29/2011 01:16 PM, David Coulson wrote:
On 3/29/11 12:58 PM, Bruce Stephens wrote:
Add the -showcerts option to the s_client commands and you'll see the
first server returns a chain of certificates where the second offers
only the end server certificate.
Okay, I see that - Makes sense.
Do the other two stay in the same folder as root.crt, but only root.crt
actually gets installed in the cacerts file?
-Original Message-
From: Tomas Gustavsson [mailto:to...@primekey.se]
Sent: Wednesday, March 30, 2011 3:49 AM
To: openssl-users@openssl.org
Cc: David Patricola
Subject: Re:
David,
You may get some ambiguous answers to - ultimately - a PG question on the SSL
list... Yes, in a _standard_ PostgreSQL SSL setting, in which libpq is reading
the certs from _default_ positions, the root.crt, postgresql.crt and
postgresql.key are all in the same 'folder'. (I believce
Ha, flex-fuel!
The postgres side of this is 100% functional, so I'm not concerned about
this side anymore (thankfully). As Tomas mentioned, only the root.crt file
should go in, and I hope this is it. If not then it looks like I'm going to
find some Java-based message lists to subscribe to!
Hi,
I 'd like to know if it is a security issue when p ( a DH param ) is not a
safe prime ?
is it more easier to attack DH algorithm with a non safe prime ... ?
Thanks for your help
Ok, I've modified my import as follows: E:\JRun4\jre\binkeytool -importcert
-alias dca -file E:\Jrun4\jre\lib\security\root.crt -keystore
E:\Jrun4\jre\lib\security\cacerts
But I still get a failed connection connecting:
org.postgresql.util.PSQLException: The connection attempt failed.
Sure, at that point you've only handled one half of the handshake. You gotta
find the corresponding command to install or 'present' the client cert now...
- Original Message -
From: David Patricola david.patric...@jefferson.edu
To: openssl-users@openssl.org
Sent: Wednesday, March 30,
So what, or where, is the other half? All sites that explain this for
ColdFusion say that this is all you need to do! I restarted the java
service and tested the ssl connection.
_
From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of Lou
Hi,
I 'd like to know if there are other values of codes in DH_check(dh, codes)
? This program prints Other result of check :
int codes = 0;
dh_check_ret = DH_check(dh, codes);
if(dh_check_ret == 1){
if(codes == DH_CHECK_P_NOT_SAFE_PRIME)
printf(\nDH_CHECK_P_NOT_SAFE_PRIME\n);
On 3/30/11 8:33 AM, Crypto Sal wrote:
David:
Firefox caches that information, so that it can use them later if you
view a similar certificate hierarchy.
If you view the Firefox Certificate Manager you should see Software
Security Device vs. that of Built in Object next to each of the
Hi all,
i get a file with a signed base64 string produced using the following commands:
openssl dgs -md5 -sign key.pem stringtosign.txt | openssl enc -base64 -A
signedbase64string.txt
that signed string is part of a text file that includes the certificate in pem
format without the public
On 30 Mar 2011, at 9:59 AM, luis hernandez wrote:
i get a file with a signed base64 string produced using the following
commands:
openssl dgs -md5 -sign key.pem stringtosign.txt | openssl enc -base64 -A
signedbase64string.txt
that signed string is part of a text file that includes
On 30 Mar 2011, at 6:19 AM, ikuzar wrote:
I 'd like to know if it is a security issue when p ( a DH param ) is not a
safe prime ?
is it more easier to attack DH algorithm with a non safe prime ... ?
Yes. If p-1 does not have large factors, then it is easier to compute the
discrete logarithm
Thanks Wim,
i know that cer pem files have the public key in it like:
-BEGIN PUBLIC KEY-
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD0ltQNthUNUfzq0t1GpIyapjz...
-END PUBLIC KEY-
-BEGIN CERTIFICATE-
MIIE/TCCA+WgAwIBAgIUMzAwMDEwMDAwMDAxMDAwMDA4MDAwDQYJKoZIhvcNAQEF...
On 30 Mar 2011, at 12:02 PM, luis hernandez wrote:
Thanks Wim,
i know that cer pem files have the public key in it like:
-BEGIN PUBLIC KEY-
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDD0ltQNthUNUfzq0t1GpIyapjz...
-END PUBLIC KEY-
-BEGIN CERTIFICATE-
OK thanks a lot
Subject: Re: Verify signed text
From: w...@omnigroup.com
Date: Wed, 30 Mar 2011 14:01:24 -0700
To: openssl-users@openssl.org
On 30 Mar 2011, at 12:02 PM, luis hernandez wrote:
Thanks Wim,
i know that cer pem files have the public key in it like:
-BEGIN
20 matches
Mail list logo