> From: owner-openssl-us...@openssl.org On Behalf Of redpath
> Sent: Thursday, 22 August, 2013 09:36
> I have searched the forums for multiple hostnames and commonName.
> I cannot get created Certs that are signed by the CA to have
> a commonName supplied in the
> config instead of the command l
>From: owner-openssl-us...@openssl.org On Behalf Of Yijun Wu
>Sent: Friday, 23 August, 2013 04:05
>I'm using OpenSSL to do some research and I find some
>strange behaviors of certificate exchange on client side.
>The cipher suite is set to "AES128-SHA" on both server
>and client side,
Hi there,
I'm using OpenSSL to do some research. I find if I use
X509_load_crl_file() to load multiple CRL files in sequence, it seems that
only the lasted loaded crl file takes effect. That is when I firstly load
a CRL signed with a RSA CA and then load a CRL signed with a DSA CA, the
RSA sig
I have searched the forums for multiple hostnames and commonName.
I cannot get created Certs that are signed by the CA to have a commonName
supplied in the
config instead of the command line. I also want them to have subjectAltName
fields
too. I have tried the Policy *match* and basically get erro
The RFC 5280 is for path building and validation when certificates are being
used. It is not meant for validation during certificate creation. As Rich
indicated OpenSSL will sign anything you present.
With kind regards,
Patrick Tronnier
Principal Security Architect &
Sr. Director of Quality As
I sign the cert with a CA
ca -out ibmCMSsslcert.pem -in ibmCMSssl.csr -config ibmcms.cnf -batch -cert
ibmCAcert.pem -extensions v3_req
The config has this
*[ v3_req ]*
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
*extendedKeyUsage = OCSPSigning*
nsCert
[ v3_req ]
nsCertType = server,client
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
extendedKeyUsage = OCSPSigning
I am trying to create SSL cert signed by the CA and want OCSPsigning
extended key usage
and it turns off SSL server and SSL client
Hi there,
I'm using OpenSSL to do some research. I find if I use
X509_load_crl_file() to load multiple CRL files in sequence, it seems that
only the lasted loaded crl file takes effect. That is when I firstly load
a CRL signed with a RSA CA and then load a CRL signed with a DSA CA, the
RSA sig
Hi there,
I'm using OpenSSL to do some research and I find some strange behaviors of
certificate exchange on client side.
The cipher suite is set to "AES128-SHA" on both server and client side,
which I think shall only use and exchange RSA key and certificate. But
when client side doesn't con