Hello list,
I'm having trouble getting ssltunnel to work; and it seems OpenSSL is
the curlpit (or my undoing ofcourse). I thought i had my certificates
setup correctly, but when i connect with the client to the server i
get the following messages:
client: ssl_connect : error:14090086:SSL
routines
Hello list,
I'm having trouble getting ssltunnel to work; and it seems OpenSSL is
the curlpit (or my undoing ofcourse). I thought i had my certificates
setup correctly, but when i connect with the client to the server i
get the following messages:
client: ssl_connect : error:14090086:SSL
routines
A new cert req and private key were created with the following command
using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
$openssl req -newkey rsa:2048 -keyout new-server-key.pem -out new-req.pem
Now, trying to remove the passphrase from the private key:
$ openssl rsa -in new-server-key.pem -out s
On 1/10/06, Dr. Stephen Henson <[EMAIL PROTECTED]> wrote:
> On Tue, Jan 10, 2006, Dominique Brezinski wrote:
>
> > A new cert req and private key were created with the following command
> > using OpenSSL 0.9.7i 14 Oct 2005 on OS X 10.4.3:
> >
> > $openssl req
character. This could be checked from JAVA by squeezing
the first byte of each character.
In C you have to add the 0x00 byte before each character
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
ermore every thing which is not denied is allowed
I suggest you should use the
Order Allow, deny directive
so that everything which is not allowed is denied
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [EMAIL PROTECTED]
__
Olaf Gellert wrote:
Dominique Lohez wrote:
You use the directive
Order deny allow
so the deny directives are evaluated before the alow directives
and furthermore every thing which is not denied is allowed
I suggest you should use the
Order Allow, deny directive
so that everything which
Hi,
I have just read again the openssl archive back to 2001 but didn't find exactly
a clue to my pb.
In fact, we installed a OpenSSL port on a z/OS. No problem with compilation,
the product works well.
It works well BUT !
But we encounter a pb with signature when we try to verify a signature ma
Hi,
that is a recurent question, I know. But I'd like to have a "official" opinion.
The story of the 0.9.2342 arc shows that it rely upon a big mistake during the
writing of the RFC 1274.
In fact 234219200300 is the X25 address of a node in the University College in
London.
Why not after all ?
to decode this string on an
online base64 decoder http://webnet77.com/cgi-bin/helpers/base-64.pl
and it's ok!! I have the correct string
( wich is an encrypted string). What's wrong with openssl command???
Thank you for help.
--
Karim
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046
Bendadda a écrit :
Hi Dominique,
First I'd like to thank you for your quick answer. You're right,
it works well when spliting. I'd like now to do it using the openssl API
(I found the function above on the web). This function works well for
input at most 64 bytes .May I have
certificate available to your program
2) If it is available, why the program does not use it
I hope this help
Dominique
vinni rathore a écrit :
hi,
i am stuck with the error "Unable to get local issuer certificate" and
then "SSL3_GET_CLIENT_CERTIFICATE: peer certificate n
_
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 7
with the public key of the
signer , this must be identical to the digest
I hope this helps
Dominique LOHEZ
Geetha_Priya a écrit :
I have read numerous certification related docs. Being new to this technology I
don't find any material detailing the manual certificate validation [even the
Hi,
I'm coming with a strange phenomenon about which I didn't find any
answer on the Net (using keywords like garbage, IE, openssl).
I've ben using X509 certificates for couple of years but that was for
VPN softwares.
These are not less stricts than browsers but this phenomenon didn't seem
to
..
a complete description of the options is described here
http://www.openssl.org/docs/apps/ca.html#CRL_OPTIONS
regards
Dominique
--
Dr Dominique LOHEZ
ISEN
41, Bd Vauban
F59046 LILLE
France
Phone : +33 (0)3 20 30 40 71
Email: [
François NOEL wrote:
Dominique Lohez wrote:
François NOEL wrote:
Hi I have some problems with revokating certs.
when I type :
openssl ca -config ./openssl.cnf -revoke
./newcerts/NOEL_Francois.pem -verbose That update me
"index.txt" but i don't anything in my crl/ca.c
QUE jar file
all the programs needed to run the applet.
Dominique LOHEZ
Somebody can help me?. Thanks.
Regards.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
HI all,
I am learning the API to make a client, I was wondering if there was an example
somewhere for newbies
I'd appreciate any directions
thanks for your help,
Dominique
Get your FREE Email at http://mailcity.lycos.com
Get your PERSONALIZED START PAGE at http://my.lyco
your help,
Dominique
Send FREE Greetings for Father's Day--or any day!
Click here: http://www.whowhere.lycos.com/redirects/fathers_day.rdct
__
OpenSSL Project http://www.openssl.org
User Suppo
anyone else had similar problems under Windows 98? My C++ client
application is connecting to my Java server application which uses the JSSE
implementation of SSL.
Dominique
from
/usr/local/openca.0.9.2/openca/etc/openssl/openssl.cnf
ERROR:name does not match
/member-body=FR/1.2.3.4=ISEN/1.2.3.4.5=Lille/1.2.3.4.5.6.7=tester0/serialNumber=3
What is the intended meaning of the error message "name does not match"
Sincerly yours
--
Dr Dominique LOHEZ
I
nt problem a new CRL may be issued
even when the previous one is not expired.
I hope this help.
Dominique LOHEZ
A third question is that what if I had two valid CRLs from the same
issuer (CRL1 revoked cert 1 and CRL2 revokes cert 2), then when cert 2
is to be verified, it would wrongly be con
This arise because you issue a certificate valid from January 1st to
March 31th
the next one valid from April 1st to June 30th etc for example
etc
The only way to distinguish these certificates is the serial number.
I hope this helps
Best regards
Dominique LOHEZ
Any thoughts?
K
24 matches
Mail list logo
