Re: Client (personal) certificates

Anyone there have any information on generation of client certificates with openssl? I can generate them (albeit only for Netscrape at the moment - IE doesn't seem to be playing ball) but Netscape won't verify them claiming it's not certified for email. Check to see the CA that has certified

Introduction paper still needed?

l of you are willing to contribute to the requirements, I am prepared to finally do my share of development (sorry, have not been programming that much for the past 2 years...) Jan Meijer SURFnet -- alive ~ true __

Re: SSL Tunneling and Proxy Servers

Again, slightly off-topic. We use apache as a proxy server. All you need to do is turn on 443 in addition to the normal 80 socket in the server. Works fine for us and 5 proxy servers running apache. I recommend apache as a proxy *very* highly. I've tested the apache-proxy as well, in

Re: how trustworthy is stunnel?

Hi everyone, Thanks for the reactions. I'm more confident in using it now :), if we have some notible experiences during our use I'll be sure to mail them to the stunnel mailinglist :) Jan -- alive=true __ OpenSSL Project

how trustworthy is stunnel?

Hi, We're planning on using stunnel in a production environment, but only if we can somehow verify how trustworthy it is. We could perform a source-code-review, but perhaps it's fully trusted by you all? Jan -- alive=true __

https proxy

Hi, Perhaps a little off-topic, but think it is still relevant. Now our ca is nearing completion we are thinking about setting up a pilot testsite. What we want to do is the following: Outside -- WebsiteA -- |firewall| -- WebsiteB We want our employees to be able to get to websiteB through

Re: New openssl/apps/spkac

Dear Steve, I've also added a brand new 'spkac' program that prints out the whole SPKAC structure and allows one to be created from a private key. Its based on your original idea but rewritten from scratch. Since its all very new I'd appreciate any comments. There may well be the odd bug

Re: New openssl/apps/spkac

Hi Massimiliano, You are asking wich type of algorithm the user is about to use (DSA/RSA/ whatever) ? Yep. I am not sure I understood it (partially because I never took a close look to PGP ... blame me (!!!)): can you make some real example ? Cout that be the public key itself contained

Re: apache ssl problems

[Thu Aug 26 19:21:36 1999] [crit] Required SSLCacheServerPort missing [Thu Aug 26 19:24:26 1999] [crit] Required SSLCacheServerPort missing [Thu Aug 26 20:21:36 1999] [crit] Required SSLCacheServerPort missing [Fri Aug 27 17:12:02 1999] [crit] Required SSLCacheServerPort missing Well, it

Re: Addition to openssl.cnf ?

Most CAs will have some requirements on the lengths of the public keys they will sign. Currently the CA has to manually check the key length once a certificate request arrives since "openssl ca" gives no indication about the key length. I think it would be a good idea if the CA could use the

spkac certificate request details

Hi, I'm currently working on implementing openssl as a production CA (for the SURFnet office certification authority, SURFnet is the Dutch research net.). We want to implement the verification procedures around the technical signing procedures, and now I stumbled into a slight problem. I