Re: [openssl-users] Serial Number with OpenSSL

FOURES TOM wrote: > When I see SSL certificates, their serial number is like this : > 0A:8D:9A:4Q:8X:1A:0B:88:18:1Z That's an unusual Serial Number, which even if you made this up, is just an integer. IDevID/802.1AR certificates will have a subjectAltName that

Re: [openssl-users] ASN1 & Recursive Structures definition

Hi Richard, thanks :D That worked. I have a new challenge for you now. Here's what I am trying to do: ASN1_SEQUENCE(TEST); ASN1_SEQUENCE(TBS_TEST) = { ASN1_SIMPLE(TBS_TEST, version, ASN1_INTEGER), ASN1_EXP_SEQUENCE_OF_OPT(TBS_TEST, otherTests, TEST, 0) } ASN1_SEQUENCE_END(TEST)

Re: [openssl-users] FIPS certification for openssl

Hi there, long time lurker .. This sort of thing is a Remarkably Unique Occasion ... Personally, I do subscribe here for genuine, up to date, informative and even humorous (on occasion) information. I do not expect this to be the sole source of my knowledge. But .. I did learn of the

Re: [openssl-users] Serial Number with OpenSSL

4Q? 8X? 1Z? Those are not octets that can show up in serial numbers. -Kyle H On Fri, Dec 1, 2017 at 2:21 PM, FOURES TOM wrote: > Hello, > > When I see SSL certificates, their serial number is like this : > 0A:8D:9A:4Q:8X:1A:0B:88:18:1Z > > So, how could I set my serial

Re: [openssl-users] FIPS certification for openssl

On 12/1/2017 2:57 PM, Michael Wojcik wrote: >> Yes, compatibility is a concern.  So make the "default to secure" options be >> new functions. > That's certainly better than what you proposed in your previous messages. Sorry, I wasn't trying to propose any particular concrete interfaces.  I was

Re: [openssl-users] ASN1 & Recursive Structures definition

In message <2c480bc2-3367-38e9-f4d8-3e7b37e42...@openca.org> on Fri, 1 Dec 2017 12:14:54 -0700, "Dr. Pala" said: director> I am trying to define an ASN1 structure similar to this: director> director> ASN1_SEQUENCE(TEST) = { director> ASN1_SIMPLE(TEST, version,

Re: [openssl-users] openssl-users Digest, Vol 37, Issue 1

In message on Fri, 01 Dec 2017 21:34:15 +, openssl-users-requ...@openssl.org said: openssl-users-request> Hi, openssl-users-request> openssl-users-request> I have a `Certificates.p12` file that I wish to convert to a

Re: [openssl-users] What is the output format of `openssl pkcs12`? How can I make it output a PKCS#1 private key?

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf Of > James Fisher > Sent: Friday, December 01, 2017 14:39 Haven't seen any other replies to this yet. I don't have time to verify any of the below right now, so this is just off the top of my head and may well be wrong.

Re: [openssl-users] FIPS certification for openssl

> From: Jordan Brown [mailto:open...@jordan.maileater.net] > Sent: Friday, December 01, 2017 17:18 > On 11/30/2017 5:41 AM, Michael Wojcik wrote: > > There are a great many OpenSSL consumers. Making radical changes to the > > default behavior of the API would break > > many applications - and

[openssl-users] Serial Number with OpenSSL

Hello, When I see SSL certificates, their serial number is like this : 0A:8D:9A:4Q:8X:1A:0B:88:18:1Z So, how could I set my serial file (with serial.old) for to obtain User Certificates with this serial using my openssl.cnf file? Thank you for your help! Have a nice day. Aris --

Re: [openssl-users] FIPS certification for openssl

On 11/30/2017 5:41 AM, Michael Wojcik wrote: > There are a great many OpenSSL consumers. Making radical changes to the > default behavior of the API would break many applications - and so it's > likely those applications would stop updating their OpenSSL builds. Yes, compatibility is a concern. 

[openssl-users] ASN1 & Recursive Structures definition

Hi all, I am trying to define an ASN1 structure similar to this: ASN1_SEQUENCE(TEST) = { ASN1_SIMPLE(TEST, version, ASN1_INTEGER), ASN1_EXP_SEQUENCE_OF_OPT(TEST, otherTests, TEST, 0) } ASN1_SEQUENCE_END(TEST) IMPLEMENT_ASN1_FUNCTIONS(TEST) [**] what is the correct procedure for doing

[openssl-users] What is the output format of `openssl pkcs12`? How can I make it output a PKCS#1 private key?

Hi, I have a `Certificates.p12` file that I wish to convert to a `certificates.pem` containing an unencrypted private key in PKCS#1 format. I have previously been able to do this by running: openssl pkcs12 -in Certificates.p12 -out certificates.pem -nodes -clcerts The resulting