Re: PEM_read_PrivateKey does not return private key

2007-10-17 Thread PS
Hi, I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that "Is it possible to extend the expiry of this certificate without changing any other fields in the certificate?" Basically, I want to continue usi

Changing the expiry date of a cert

2007-10-17 Thread PS
Hi, I have a private CA certificate created using openssl command line. The issue is that the certificate expires on 19th Oct, 2007. The question is that "Is it possible to extend the expiry of this certificate without changing any other fields in the certificate?" Basically, I want to continue usi

Re: Changing the expiry date of a cert

2007-10-17 Thread PS
Yes. That's what I was trying to ask. So, how can I change the expiry date of an existing certificate without changing any other field? Is there any openssl command that I may use? On 10/17/07, G.W. Haywood <[EMAIL PROTECTED]> wrote: > > Hi there, > > On Wed, 17 Oct 2007, David Schwartz wrote: >

Re: Key Rotation over a long-lived SSL connection

2007-11-02 Thread PS
Renegotiation. That's what this is for. On 11/2/07, Darryl Miles <[EMAIL PROTECTED]> wrote: > > > Maybe they can, but you won't get much response from me by being too lazy > to start a new thread with your "Compose New Mail" function, as opposed > to picking a historic message at random and using th

Openssl Command line in FIPS mode

2007-11-29 Thread PS
Hi, The openssl User-Guide only mentions how to create an application in FIPS mode (by calling FIPS_mode_set(1)). The question is: is it possible to have the openssl command line tool (generated from openssl-fips-1.1.1) be in FIPS mode? If yes, please can someone shed some light on th

Re: FIPS request for future OpenSSL releases

2007-11-29 Thread PS
You are contradicting yourself. If you link against the openssl-fips-1.1.1 library, and are in FIPS_mode, then you have FIPS functionality. If you are not in FIPS mode, then the fips library trivially behaves as the traditional openssl (with all functionalities). The former is called FIPS-validated

Openssl FIPS 1.1.2 - make test

2008-02-12 Thread PS
Hi, One of the tests on the openssl-fips-1.1.2 fails without any warning when I try running "make test". Though the test fails, the command continues to completion. Specifically this is the snippet of the output where the error occurs: Testing cipher RC4(encrypt/decrypt) Key ef 01 23 45 ef 01

Queries on Cert Store and load verify locations

2008-03-26 Thread PS
Hi, I had a set of related questions regarding the trusted CA store and certificate chaining: 1. Let's say we have a chain of the form RootCA -> SubCA -> Server-certificate. Now, will the openssl verify function be able to verify if I give only the SubCA as the trusted CA Cert and the above cha

Certificate Chain and Trusted Directory

2008-03-26 Thread PS
Hi, I had a set of related questions regarding the trusted CA store and certificate chaining: 1. Let's say we have a chain of the form RootCA -> SubCA -> Server-certificate. Now, will the openssl verify function be able to verify if I give only the SubCA as the trusted CA Cert and the above cha

Re: Client Side certification process through OpenSSL

2008-03-27 Thread PS
You need to do this : On Client Side: SSL_CTX_use_certificate () SSL_CTX_use_private_key() On Server Side: SSL_CTX_load_verify_locations() SSL_CTX_verify()// Set the flag to (SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT) Paras On Thu, Mar 27, 2008 at 5:15 AM, vaibhav bindroo <[EMAIL PR

SSL_use_peer_certificate()

2008-04-07 Thread PS
Hi, I have a quick question. If the client-server session is reused, in the re-used session's SSL* data structure, will SSL_use_peer_certificate() return the certificate that it got in the initial handshake? PS

Re: SSL_use_peer_certificate()

2008-04-07 Thread PS
I meant SSL_get_peer_certificate. On Mon, Apr 7, 2008 at 6:53 PM, PS <[EMAIL PROTECTED]> wrote: > Hi, > I have a quick question. If the client-server session is reused, in the > re-used session's SSL* data structure, will SSL_use_peer_certificate() > return the certificate

revoking a self-signed certificate

2009-01-26 Thread PS
Hi All, Is it possible to revoke a self-signed CA certificate? If yes, then I don't understand why it should be allowed. It does not make sense. The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its

Re: revoking a self-signed certificate

2009-01-26 Thread PS
he first place, and is outside the scope of CRL. > > -Kyle H > > On Mon, Jan 26, 2009 at 9:17 PM, PS wrote: > > Hi All, > > Is it possible to revoke a self-signed CA certificate? > > > > If yes, then I don't understand why it should be allowed. It does not make

Re: revoking a self-signed certificate

2009-01-26 Thread PS
Also, does openssl allow a CA to revoke its own self-signed certificate? What happens when, during the openssl verify, it finds that the CRL given by the CA contains the CA-certificate in the revoked list? On Mon, Jan 26, 2009 at 9:28 PM, PS wrote: > Can you please elaborate on how would the hig

Multiple CRL with same issuer

2009-01-28 Thread PS
Hi All, I was under the impression that openssl allows loading multiple CRLs for the same issuer. But, this does not seem to be the case as is proved by using "openssl verify". $ ls -l ./ca/ total 24 lrwxrwxrwx 1 pshah users 10 Jan 28 21:56 ba4bb3b6.0 -> cacert.pem -> the CA ce

Re: ignore the certificate chain self signed error

2009-02-19 Thread PS
() method with the flag SSL_VERIFY_NONE. BTW, it is a potentially insecure system that you have if you intend to do this unless your only goal is to provide encryption and not authentication. PS On Thu, Feb 19, 2009 at 2:22 AM, Anri Lau wrote: > > All, > > I encountered a problem. There i