I use the src rpm downloaded from
http://koji.fedoraproject.org/koji/buildinfo?buildID=551423 .
Inquired about this issue with one of the package maintainers from
koji.fedoraproject.org and the following was his comment.
"Apparently the Known answer test for RSA X9.31 signatures
does not match an
> and how do I generate an ECDSA certificate?
Generate a self-signed ECDSA cert the same way you do RSA,
except use EC instead of RSA.
- use req -new with EC key or -newkey with EC parms and -x509
to generate a self-signed cert directly.
- use req -new with key or -newkey to generate CSR,
then
Hi All,
I have a DTLS implementation where I am trying to connect to a server using
SSL_connect(). I am checking for the error codes using the SSL_get_error.
My underlying BIO is non-blocking. Is there a way to figure out if the
remote peer exists or not? As of now, I get SSL_ERROR_WANT_READ for
> There is no need for an API for a non-interoperable feature that would
> violate the TLS protocol:
>
> https://tools.ietf.org/html/rfc5246#section-7.4.6
Perhaps more usefully, see
http://datatracker.ietf.org/doc/draft-thomson-tls-care/
This will almost definitely be part of TLS 1.3. Note
Hi,
I would like to know if I can always pass the export password of the .p12
client certificate to openssl without worrying about the pass phrase that
needs to be set on generating the .p12 file. I looked at the function
int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509
**cert, STAC
[ Redirecting to openssl-users ]
On Wed, Aug 13, 2014 at 01:05:24AM +0400, Fedor Indutny wrote:
> I just discovered that there is no way to force OpenSSL SSL client to send
> Certificate record if server hasn't sent CertificateRequest.
That would be a TLS protocol violation.
> Would a patch th
In message
, Tapas
Behera avows:
%--- Begin Cite ---%
>
> How to Cross Compile OpenSSL for arm-none-eabi arch?
>
%--- End Cite ---%
Add the following to your config command:
--cross-compile-prefix=$(CROSS_COMPILE_PREFIX)
where CROSS_COMPILE_PREFIX looks something like:
On Mon, Aug 11, 2014, Abdul Anshad wrote:
> Hello All,
>
> I have a set up which runs Apache http-2.4.10 and Openssl-1.0.1i,
> when I try to start the http server with FIPS mode I get the
> following error.
>
> [Mon Aug 11 14:39:24.407781 2014] [suexec:notice] [pid 380] AH01232:
> suEXEC mechani
On Tue, Aug 12, 2014, Thulasi Goriparthi wrote:
> $ openssl genrsa 2048 > key.pem
> $ openssl req -new -x509 -key key.pem -out cert.pem -sha256
>
You also need to set the environment variable OPENSSL_FIPS=1 so the operations
are performed in FIPS mode.
Steve.
--
Dr Stephen N. Henson. OpenSSL pr
In general for cross-compiling you run ./Configure with various options,
perhaps after setting up some environment variables like CC to point to your
development tools. For example, to build Linux 32-bit on my 64-bit build
machine I start with:
./Configure linux-elf -m32 plus --openssldir= and
How to Cross Compile OpenSSL for arm-none-eabi arch?
check 'ldd mod_ssl.so' for proper linkage.
-Jayadev.
On Tue, Aug 12, 2014 at 7:01 PM, Abdul Anshad wrote:
> Thank you for the response.
>
> I already have a SHA-256 self signed certificate with a bit size 2048 but
> still ended up with the same error.
>
> I used the following command to create
On Tue, Aug 12, 2014 at 10:25:36AM +0100, lux-integ wrote:
> openssl req \
> -new \
> -config openssl.cnf \
> -out level1/LEVELCAReq.pem \
> -keyout level1/private/LEVEL1CAKey.pem \
Where is the key stored?
> openssl ca \
> -gencrl \
> -crldays 60 \
> -config openssl.cnf \
> -keyf
Thank you for the response.
I already have a SHA-256 self signed certificate with a bit size 2048
but still ended up with the same error.
I used the following command to create the self signed certificate.
$ openssl req -x509 -sha256 -days 365 -newkey rsa:2048 -keyout
/etc/pki/tls/private/lo
Looks like CA.sh doesn't create crlnumber file in demoCA and openssl ca crl
complains about it.
With CA.pl these steps worked.
mkdir RootCA
cp ../openssl-1.0.1h/apps/CA.pl .
chmod +x CA.pl
./CA.pl -newca (Just Enter, will create RootCA)
./CA.pl -newreq
./CA.pl -signCA
./CA.sh -newca (Script on a fresh directory creates demoCA directory
with RootCA and Privatekey)
./CA.sh -newreq (creates a new cert request, with newcert.pem and
newkey.pem)
./CA.sh -signCA (Sign the new req as CA, with RootCA).
You can find the CA.sh in 'openssl-1.0.1h/apps' directory.
On Mon, Aug 11, 2014 at 6:00 PM, Viktor Dukhovni wrote:
> No, generally you re-use previously generated keys, otherwise you
> lose much of the advantage of "stateless resumption". However,
> along with each keyset you associated some suitable TTL, and you
> stop signing new sessions with a keyset
Greetings
I am trying to learn how to set up a small multilevel CA. I'm using the
openssl-1.0.1h. And the computer runs Linux. I did the following:
--A- generate rootCA
openssl req \
-new \
-config openssl.cnf_ \
-out ROOTCAReq.pem \
-keyout ROOTCAKey.pem \
-B- generated a crl for root
18 matches