s_server configuration

_  _ ƒ°â█g┘⌐├Z<₧é╚ @ERROR shutting down SSL CONNECTION CLOSED Steven Madwin Software PKI Engineer Adobe Inc. 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone: 408.536.4343 Fax: 408.536.6024 <mailto:steven.mad...@adobe.com> steve

[openssl-users] RSA-PSS Param File

ion and capped off with the -pkeyopt options it looks to me that the order is correct. If anyone has any enlightenment for me I'd be eternally grateful. Thanks, Steve Steven Madwin Software QA Engineer Adobe Systems Incorporated 345 Park Avenue, MS-W15 San Jose, C

[openssl-users] OCSP Server -port

all leads up to the question, has anyone been able to get version 1.1 to act as an OCSP server using the -port option? Thanks, Steve Steven Madwin Software QA Engineer Adobe Systems Incorporated 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone: 408.536.4343 Fax:

Re: [openssl-users] RSA-PSS Certificate

, 2017 6:49 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] RSA-PSS Certificate On 26/10/2017 03:30, Steven Madwin via openssl-users wrote: > > Starting with the definition of the subjectPublicKeyInfo from RFC > 5280, Section 4.1 – Basic Certificate fields we see that

[openssl-users] RSA-PSS Certificate

ks, Steve Steven Madwin Software QA Engineer Adobe Systems Incorporated 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone: 408.536.4343 Fax: 408.536.6024 <mailto:steven.mad...@adobe.com> steven.mad...@adobe.com smime.p7s Description: S/MIME cryptographic signa

[openssl-users] OCSP Response Signed using RSASSA-PSS

insight, Steve Madwin Steven Madwin Software QA Engineer Adobe Systems Incorporated 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone: 408.536.4343 Fax: 408.536.6024 <mailto:steven.mad...@adobe.com> steven.mad...@adobe.com smime.p7s Description:

issuer_hash

I see that the x509 command used with the -issuer_hash option returns a four byte digest value. Is there any method using OpenSSL to procure the 20-byte SHA-1 digest value of the issuer name? Thanks, Steve cid:image001.gif@01CC0904.0EE5C480 Steven Madwin Software QA Engineer

RE: OSCP server does not update status

Hi Patrick, Both you and Dr. Henson have made it clear that the OCSP server implementation is only to be used for testing. With that in mind, the server implementation does act as a server and responds to inbound requests via http in version 0.9x, but that functionality stopped working in version

RE: OCSP and self signed

The short answers is no. An OCSP response has to be signed by the issuer (or a delegate of the issuer) and a self-signed cert is issued by itself. As a general rule certs can't revoke themselves so there is no need to get a revocation response for a self-signed cert. Steve -Original Message--

RE: x509 certificate conforming to RFC 3739

Hi Walter, I hope this helps. Steve id-pda-dateOfBirth = 1.3.6.1.5.5.7.9.1 [ subjectDirAttrib_sec ] 1.3.6.1.5.5.7.9.1 = SEQUENCE:dateOfBirth_sec #id-pda-dateOfBirth [ dateOfBirth_sec ] id-pda-dateOfBirth.name= OID:id-pda-dateOfBirth id-pda-dateOfBirth.value = SET:dateOfBirth_

RE: openssl on a home LAN

Hi John, As an aside to what Gayathri said, I'm not a developer, but I have used OpenSSL to create a complete PKI universe for testing. Using the pre-compiled, downloadable installer I've been able to create Root certificates, Intermediate CA certificates, and end-entity certificates of all sha

RE: [openssl-users] OpenSSL OCSP

Hi Adrien, Just out of curiosity, what version of OpenSSL are you using? I can get OCSP to work with version 0.9.8, but not 1.0 or later and I’m looking to see if anyone else has had any luck with the current version. Thanks, Steve From: owner-openssl-us...@openssl.org [mailto:owner-op

OCSP

Has anyone been able to get OCSP working with version 1.0 or later? It works for me with version 0.9, but not 1.0.1c. I did see where someone suggested using an IPv6 style port address (i.e. -port :::8080), but that didn't help (although it does work with 0.9.81 just fine). Many thanks, Steve