hi,
I'm still trying to find why i can't call "openssl smime -decrypt ..." then
"openssl smime -verify ..." in a row (without exiting to the system between
both), my first post is here :
http://marc.theaimsgroup.com/?l=openssl-users&m=103831151213967&w=2.
Looking at ./crypto/pkcs7/pk7_smime.c it
hi,
when you send an user cert in a browser, which content-type do you use ?
i found several times that the x-x509-user-cert type was not in the registry and
i had to write a .reg file like this
--
REGEDIT4
[HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/
Ravi,
you said :
>While importing the received certificate, it is unable to find the private key
in the key store.
>Thatswhy it is storing in the people's certificates store.
>Try to store in the proper key store and check once again.
in your opinion which settings in the vbscript used to c
hi all,
I'm not trying to import this certificate by hand. I'm trying to do this
automatically thanks to the xenroll dll. Maybe it's because my private key is
lost, so once the certificate is ready it can't match a private key and can't go
in the personal store. I'm having a look at
hi all,
I'm trying to insert a certificate in IE5.5 (128 bits) thanks to 2 cgi programs.
The first one create the pkcs10 and submit the request, the second TRIES to
import the received certificate.
-BEGIN CERTIFICATE-
MIIEjzCCA/igAwIBAgICAIkwDQYJKoZIhvcNAQEEBQAwgb0xCzAJBgNVBAYTAkZ
hi all,
I'm using openssl via a "system" call, I can't make it work.
On the debug console, my command line is
-
/usr/local/ssl/bin/openssl ca -notext -config /usr/local/CACertif/openssl.cnf
-batch -key key -preserveDN -spkac /tmp/in -out /tmp/out -startdate
All,
I'm using the X509 object.
I know how to load a certificate in this object.
What is the shorter way to know if it's a self signed certificate ?
Browsing the code I've seen that the X509_STORE_CTX object should be a great
help, but I don't know how create one from a X509.
Many thanks.
__
All,
I have this file :
-BEGIN CERTIFICATE-
MIIDDTCCAfWgAwIBAgIQMDAwMDk3NTQ4Nzg5MjAwMDANBgkqhkiG9w0BAQUFADBV
..
FzbT9dOSjeYe1g/iET+7loA=
-END CERTIFICATE-
Is there a way (using "openssl x509 ... " I suppose) to recognize if this
certificate is an end user certificate o
All,
Using openssl on command line (openssl pkcs7 -in smime.p7s -inform DER
-print_certs), is this possible to only get infos of the end user certificate ?
Many thanks.
__
OpenSSL Project http
All,
I've read that 3 types of certificates exist. From "class 1" to "class 3" (the
higher the safer). How could I find, in a certificate created thanks to openssl,
the number of the class it belongs to ?
Many thanks.
__
Ope
Uli and all,
I've found the problem, I hope my solution will help in the future.
If you want to send signed & encrypted email to outlook or messenger, you have
to sign THEN encrypt the all message.
As far as I've seen encrypting THEN signing isn't a good solution since in that
case two icons a
hi,
> request = xenroll.CreatePKCS10(DN, "1.3.6.1.5.5.7.3.2")
taken from ./include/openssl/objects.h
#define SN_id_pkix"PKIX"
#define NID_id_pkix 127
#define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L
#define SN_id_kp "id-kp"
#define NID_id_kp 12
All,
I'm using the "openssl smime -sign ." utility. And the well known "Enter PEM
pass phrase:" appears :(
Is it scheduled in OpenSSL to add the "[-passin arg]" to the command line, as it
is already available in "openssl req" ?
Is this option present in the latest snapshot ?
I'm using Ope
All,
I'm using the "ca" utility. If I try to give the same DN twice I get :
ERROR:There is already a certificate for...
The matching entry has the following details
Type :Valid
Expires on:010114104924Z
Serial Number :01
File name :unknown
Subject Name :/C=
Dear all,
Is there a way to automagically import a pkcs12 file in IE (4 & 5) ?
thanks.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Dear all,
I'm trying to import a certificate in IE5 (using xenroll.dll).
It works with a cert i've just signed with the root CA, but now with the root CA
itself.
I mean
***
all,
Is there a way to use the "req" utility only on the command line ?
Let's say I have a valid root CA on my server, and people wants to get client
certificate from this CA, thanks to a web page.
In the html there is a field for "countryName", "stateOrProvinceName",
"localityName"... and per
hi,
Now I have this in my pkcs12 info :
***
subject=/C=FR/ST=Nord/O=Certi/CN=dsfdsfqfds/Email=sqdfdqsfqdsfdsqf/1.6=
***
I'd like (for instance) to have "EXT" instead of "1.6". How can I do that since
when I change my [ new_oids ] section, openssl say :
*
hi,
How can I be sure that oid I'm trying to add to my certificate, are actually
added ?
What's the openssl command to use ?
Will my added oids appear somewhere in these lines :
**
subject=/C=FR/ST=Nord/O=Org/CN=mycn/Email=myemail
issuer= /C=FR/ST=Nord/O=Orgi/CN=root
hi,
Thanks for answers about the exit codes.
On the web page for openssl, s/mime utility gives an example for sending an
email with sendmail :
openssl smime -sign -in in.txt -text -signer mycert.pem -from [EMAIL PROTECTED]
-to someone@somewhere -subject "Signed me
hi,
On the web page for openssl, s/mime utility gives exit codes explanations.
1.the operation was completely successfully.
2.an error occurred parsing the command options.
3.one of the input files could not be read.
4.an error occurred creating the PKCS#7 file or
hi,
On the web page for openssl, s/mime utility gives exit codes explanations.
1.the operation was completely successfully.
2.an error occurred parsing the command options.
3.one of the input files could not be read.
4.an error occurred creating the PKCS#7 file or
hi,
Sorry for asking this kind of question again but I've checked the archive and
didn't find a working answer for me :(
I'd like to create a chain certificate using Linux. Please correct me if I'm
wrong in the following :
Steve said :
"First the root certificate : openssl req -x509 -new -key
23 matches
Mail list logo