Hi,
I've been trying to implement fakebasicauth because I hate having to
authenticate on every reload using normal client certificate
authentication.
However I can't get it to work on openbsd. I've followed the directions at:
http://httpd.apache.org/docs-2.0/ssl/ssl_howto.html
and it just
You need to install the root certificate into the clients browsers.
You can distribute root certificates to clients by incliding the root
certificate within the pkcs12 file or
As all browsers act differently in accecpting certificates I use a perl
script get to format the certificate for the
Is there a way to use openssl to create and import
S/MIME certificatesfor use with Lotus Notes?
Oliver
is there any way to tag these certificates so that a
browser will refuse to export them?
If importing p12's into MSIE don't select the option on the browser that
says Mark private keys as exportable if using pkcs7 on the MSIE html
request form set the GenKeyFlags to 1.
On Netscape you can't
Because the mailing list processor is configured to set the Reply-To
address to the list address. IMHO this should be changed to reduce
such problems with automatic replies (vacation e-mails, virus-scans
etc.).
But that would make *regular* replies a pain in the ass for list
members.
I
However, when I try to use it to sign/encrypt email, 'Outlook Express'
informs me that I don't have a digital ID ( and offers me the opportunity
to
procure one from a trusted CA ).
After importing it you have to enable it in your E-mail client:
Outlook Express:
toolsaccountsmailyour
good links! Thanks
- Original Message -
From: Greg Stark [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 31, 2001 12:54 AM
Subject: Re: CA-How to
http://www.ultranet.com/~fhirsch/Papers/wwwj/article.html
http://www.modssl.org/docs/2.8/ssl_intro.html
Help,
I am having an unusual problem on my openbsd default openssl 0.9.5a install
that I can't work out.
If I am at the command line and run the following simple perl script,
crypto.txt exists, however, if I point my browser at the script crypto.txt
fails.
My permissions in the directory are
Hello,
Does the script run ok ? ie does it print out crypto.txt failed ?
Yes, and it gives me a core dump.
Does 'message.txt' exist in the current directory (presumably your
cgi-bin)
I've done it in my cgi-bin under cgiwrap as the same user as ssh and I've
run it as an executable elsewhere
RE: smime system call problem #!/usr/bin/perl -w
system(openssl smime -encrypt -in message.txt -out crypto.txt cert.pem);
I suggest that this is NOT the way to do this. Its better to open it
something like this:
our $Debug=1;
#DONT FORGET THE PIPE AT THE END!
open (SSL,openssl smime -encrypt
Thanks for your help on this one but sorry I don't get any output I just get
a file created: openssl.core Do you know what type of things cause a core
dump? I can't say I've experienced it to often in the past.
I'm assuming it's something to do with apache clashing with openssl, because
ssh is
It is not only you who is getting everything twice. I thought it was just
me.
I apoligize for sending this question again. The email account I was
using
has proved to be too unreliable, so I have switched to a different
account.
Aslam,
Is this what you are looking for?
http://www.openssl.org/docs/apps/pkcs7.html#
- Original Message -
From: Aslam [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, April 28, 2001 1:08 AM
Subject: PKCS#7 support in openssl-0.9.6a
Hi,
Is there any documentation about
Hello Maxime,
With MS You can do it using xenroll.dll and with Netscape you use keygen to
generate keys on the card.
In MS you have to get a list of available CSP's also using xenroll, and then
user just has to choose the right csp and then they press enter and the card
does the rest. It's a
Hello Maxime,
You can find out more about the pkcs11 standard here:
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/
When Smart Card manufacturers say their cards are PKCS11 compliant, correct
me if I'm wrong, I take this to mean that the card is designed for x509
certificates and it has the
]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 25, 2001 1:30 AM
Subject: Re: Smart Card Readers
From: Oliver Bode [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject:Re: Smart Card Readers
Date sent: Wed, 25 Apr 2001 01:17:18 +1000
Send reply to: [EMAIL PROTECTED
I think I've got to try one of those: http://www.ibutton.com/pki.html
I'd love to hear from someone who has.
- Original Message -
From: Mark H. Wood [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 23, 2001 11:56 PM
Subject: Re: Smart Card Readers
If you don't insist on
Hello Eytan,
I would go about this problem something like this:
Output the certificate as text using this
openssl req -in cert.pem -out text.pem -text
push the DN line into an array
then write a temp config file using the array, generate a request using the
config file and then sign the request.
Sorry the commands would be to output as text of a certificate:
openssl x509 -in cert.pem -out text.pem -text
Then push the DN into a hash
Make a temp config.cfg file
Create a request using the config file
openssl req -config config.cfg -new -keyout request.pem -out request.pem
Then sign the
PROTECTED]]On Behalf Of Oliver Bode
Sent: Monday, April 09, 2001 4:56 PM
To: [EMAIL PROTECTED]
Subject: Re: Generating a cert request based on another certificate
Sorry the commands would be to output as text of a certificate:
openssl x509 -in cert.pem -out text.pem -text
Then push the DN into a
Why do you wish to use public key encryption for this - why not just use a
symetric encryption algorithm like blowfish or something? It just seems like
an expensive way to do the same thing.
Anyway, you could use http://www.openssl.org/docs/apps/smime.html
for encryting and decrypting on the
You could try the smime function.
http://www.openssl.org/docs/apps/smime.html
I use the smime function to encrypt and decrypt credit card numbers and to
send me encrypted receipts of transactions. However, you could just as
easily use it to encrypt and decrypt cookies - if that's what you want
Thanks,
I'm sure this will sort it out. It's the same problem we've experienced.
Tell me on Win2000 and NT can you have client authentication that will check
multiple root certificates?
Oliver
Have a look in the archive:
http://marc.theaimsgroup.com/?l=openssl-users
under the author 'Dale
Hi,
I know this isn't an openssl question, however, I know someone on this list
can help.
After generating client certificates and a root certificates for my own CA.
I can easilly implement website authentication using apache and mod_ssl - a
piece of cake.
Windows NT and 2000 presents other
ther
symptom).
Jeff
[EMAIL PROTECTED]
On Tue, 20 Mar 2001, Oliver Bode wrote:
Hello,
I am now often getting the error message "The page cannot be displayed"
using Win 98, MSIE 5.5 when I connect to cgi-scripts on our secure
server
(FreeBSD openSSL modssl 128 bit Thwate certs) at
25 matches
Mail list logo