Hi, I've done some googling and failed to come up with an answer...
I have openssl 1.0.0-25 (also seeing it as 1.0.0-fips) installed on
a test server running CentOS 6.3 (2.6.32-279.14.1.el6.x86_64). It is
the latest one avaialble from the CentOS repositories.
I've downloaded and set up
OpenSSL 1.0.1 works fine here, both with expired and revoked
certificates (i.e. correctly reports the status).
Could you share your elements (certs, CRLs)?
--
Erwann ABALEA
-
chlorophytophonie: musique pour les plantes vertes
Le 05/12/2012 15:11, Will Nordmeyer a écrit :
Hi, I've done
They are US. gov't certificates CRLs, so providing them is a little
complicated. Before I had the proper root intermediate CAs loaded
and hashed, I would get errors about missing certs in the chain.
Similarly, before I loaded the CRL, it would have issues.
The CERTs are in PEM formats, as well
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They are US. gov't certificates CRLs, so providing them is a little
complicated. Before I had the proper root intermediate CAs loaded
and hashed, I would get errors about missing certs in the chain.
Similarly, before I loaded the CRL, it would
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They are US. gov't certificates CRLs, so providing them is a little
complicated. Before I had the proper root intermediate CAs loaded
and hashed, I would get errors
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They are US. gov't certificates CRLs, so providing them is a little
complicated. Before I had the proper root
On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson st...@openssl.org
wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They are US. gov't certificates CRLs, so
On 12/5/2012 5:30 PM, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson st...@openssl.org wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
They
On Wed, Dec 5, 2012 at 12:18 PM, Jakob Bohm jb-open...@wisemo.com wrote:
On 12/5/2012 5:30 PM, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 11:22 AM, Dr. Stephen Henson st...@openssl.org
wrote:
On Wed, Dec 05, 2012, Will Nordmeyer wrote:
On Wed, Dec 5, 2012 at 10:47 AM, Dr. Stephen Henson
I am trying to change the password of a private key with 'openssl rsa'
command. The original key file, server.key.enc has the following format:
-BEGIN ENCRYPTED PRIVATE KEY-
-END ENCRYPTED PRIVATE KEY-
When I used the command openssl rsa -in server.key.enc -passin
Hi Ashok,
On Wed, Dec 5, 2012 at 12:29 AM, Ashok C ash@gmail.com wrote:
Hi,
Our current SSL server loads plain-text private keys using the
SSL_CTX_use_PrivateKey_file() method. We are moving from this strategy to
use custom encrypted private keys using the TPM concept. For this, we have
The SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option only affects how the OUTBOUND
(i.e. SSL_write) records are split (or not), correct? It doesn't define any
behavior for how the INBOUND records (i.e. SSL_read) should be split (or not),
correct?
So, it's possible that different sides of an SSL
On Wed, Dec 05, 2012, Ashok C wrote:
Hi,
Our current SSL server loads plain-text private keys using the
SSL_CTX_use_PrivateKey_file()
method. We are moving from this strategy to use custom encrypted private
keys using the TPM concept. For this, we have an engine implemented. Now
the
Thanks Steve and Kent for the pointers.
Makes things clear for now.
On Thu, Dec 6, 2012 at 4:22 AM, Dr. Stephen Henson st...@openssl.orgwrote:
On Wed, Dec 05, 2012, Ashok C wrote:
Hi,
Our current SSL server loads plain-text private keys using the
SSL_CTX_use_PrivateKey_file()
method.
On Wed, Dec 05, 2012 at 10:38:59AM -0800, Alex Chen wrote:
I am trying to change the password of a private key with 'openssl rsa'
command. The original key file, server.key.enc has the following format:
-BEGIN ENCRYPTED PRIVATE KEY-
-END ENCRYPTED PRIVATE KEY-
This is
15 matches
Mail list logo