> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Frederic Nivor
> Sent: Friday, 02 May, 2014 11:18
> To: openssl-users@openssl.org
> Subject: OpenSSL / GnuTLS / Certificate Installation HowTo
>
> I would like to create a TCP client/server scenario:
>
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of foxtrot
> Sent: Friday, 02 May, 2014 11:47
>
> I open my browser on my client windows workstation. I open the URL to
> webserver1 and the certificate on that server shows a green lock, no
> warnings..
Maybe I'm missing something, but:
- The app server cert is not signed by the CA cert, so there's no point in
sending the CA cert as part of the chain for that server.
- The app server cert isn't self-signed, either (contrary to what the original
message claimed).
- The new cert is an X.509v1 c
Hello,
in the request tracker under item #843 there are patches for 0.9.7c
(created and tested on Fujitsu BS2000) and 0.9.7j (updated by Jeremy
Grieshop for z/OS).
Because i saw no actions to incorporate the patches into the official
sources in the last ten years i saved afterwards the work to
I open my browser on my client windows workstation. I open the URL to
webserver1 and the certificate on that server shows a green lock, no
warnings...allows me access. I open a 2nd browser tab with the URL of
webserver2 and I get an SSL Error and cannot get there...not even a
warning...just canno
On Thu, May 01, 2014 at 02:37:59PM -0700, foxtrot wrote:
> However, we are unable to get
> both certificates to work at the same time. If we load one of them first it
> works but the other will not load (fails). We can't seem to understand why
> whichever SSL is the 2nd to be read fails. Though
I would like to create a TCP client/server scenario:
- a simple C server on a VPS
- a simple C client on another device
And I would like to secure the TCP connection between them. GnuTLS
seems to be a good choice (they also propose some client/server
samples).
My web hosting provider gave me a SSL
Hello,
I recommend you have a look at here, where I compiled 1.0.0a.
http://delaage.pierre.free.fr/
There is a lot of compilation issues to compile for WCE.
I am NOT using VC compiler, but a free compiler for WCE from MS, called EVC.
Basically, compilations options are very similar to ones for
Nothing jumps out at me, sorry. Hopefully others will find something.
--
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rs...@jabber.me; Twitter: RichSalz
__
OpenSSL Project
no. I posted the text versions of our CA and both certs.
--
View this message in context:
http://openssl.6102.n7.nabble.com/whichever-certificate-loading-first-wins-tp49869p49896.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
_
Here are the text outputs of the certs:
1) app server cert (not the new server)
Data:
Version: 3 (0x2)
Serial Number: 242 (0xf2)
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Texas, O=QBI, OU=Information Technology, CN=QB Root
CA
Validity
> We have a webserver with an SSL self-signed certificate that uses our company
> CA cert in its chain
I can't parse that -- either it's self-signed (usually only done by root CA's),
or it's using an internal company CA.
Can you post "x509 -text" for both certs?
/r$
--
Principal Se
A further related question: Is there some way to remove a suspended
certificate from a CRL without manually editing the index file? Using the "-
crl_reason removeFromCRL" option on the ca command does not work.
cheers
Mat
On Friday 02. May 2014 14:35:23 you wrote:
> Hy!
>
> If I have suspended
Hy!
If I have suspended (crlReason=certificateHold) a certificate in the past an
now want to really revoke it using "openssl ca", I get an error message
"ERROR:Already revoked, serial number 01". Is there some way to make openssl
automaticalls "upgrade" the suspension to a revocation with havin
Am 30.04.14 16:13, schrieb Viktor Dukhovni:
The function is part of the public API (its name starts with an
upper case X509 not x509 as with internal interfaces), so changing
its semantics would introduce an incompatibility with applications
that rely on the old behaviour.
Well, bug fixes in g
Did you give them the same serial number? Because that will break things.
On Thu, May 1, 2014 at 2:37 PM, foxtrot wrote:
> We have a webserver with an SSL self-signed certificate that uses our
> company
> CA cert in its chain to authenticate along with a user certificate on the
> client browse
We have a webserver with an SSL self-signed certificate that uses our company
CA cert in its chain to authenticate along with a user certificate on the
client browser. The Client cert loads and shows issued to and
the only other chain portion is our Self-Signed CA Cert. This has been
working fin
(tl;dr : see questions at the end)
I'm trying to build nested CMS structures, as in, having a file F, a signer S
and a recipient R, I want to build a CMS-compliant message M which looks like:
M = SignedData(ECI, SignerInfo(S))
ECI = EncapsulatedContentInfo( EnvelopedData( RecipientInfo(R) )
Wh
18 matches
Mail list logo