Hi,
I'm developing a CA which automates this stuff that you need, maybe it
could help you (http://cultura.eii.us.es/~pablo/elyca/), it's free
software and still an early release but if you only need to do generate
certs for your servers I suppose it's enough for you. There'
status (revoked).
What shall I do if I want to revoke the OCSP responder certificate? by
using a CRL?
Thank you,
Pablo
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
o, is that why the reponder said "unknown" when I ask for
a-still-valid cert?
Thank you very much,
Pablo
__
OpenSSL Project http://www.openssl.org
User Support Mailing L
Hi again,
first of all, thank you Stephen.
Dr. Stephen Henson wrote:
On Sat, May 31, 2003, pablo wrote:
Hi everyone,
this is the first time I post something, so sorry if any mistake is done.
I've been playing with the ocsp implementation of openssl and I got some
errors, I
ot;
Then I write the PEM Pass phrase, and complete all the questions...
And finally I receive this error message :
"10161:error:0D072006::lib(13) :func(114) :reason(6):NA:0:
error in req"
Can you help me?
Where Is my error?
Thanks very much!
Pablo Arisi
Gcia. Tecnología
VISA Argentina
Can anybody setup openssl to generata a certificate for the netscape signtool utility?
ha get this message:
signtool: the cert "omeguita CA" does not exist in the database: Certificate extension
was not found
when I compare the output from the certificate y one (self-signed) created with the
s
Hi.
How do i set the "Valid from" and/or
"Valid to" parameters in the certificate?
~~~~~~Pablo MilletRed
MessageWeb Developer & DesignerMob.: 0706 - 762 556
www.redmessage.com~~
bits)
I had no problem or warning at compiling... is that version of apache not compatible with that version of openssl?
Are you familiar whit this problem?
Thanks a lot
Pablo
Este mensaje se dirige exclusivamente a su destinatario y puede contener
información CONFIDENCIAL sometida a se
should be "ragnarock.domain.tld" and not "ragnarock", that's why you got
that warning message.
Also since this service runs on a virtual server, should I have the virtual
server under a different name then the actual server name? This is a single
pu
#x27; utility instead, passphrase can be entered via -passin there
are no other prompts.
but this way you don't keep the index.txt file the all valid
certificates generated, so it seems there's no way to automate the
process by
I didn't try this and I cannot do it at this moment, so let me know how
everything goes.
Pablo
David wrote:
Hello list,
I've a some questions about reissuing of CA certificates. Imagine I've
got
the following hierarchy within my PKI.
TLCA
|
CA
|
end-entities
If th
s CSP source code has been made
available somewhere. If anybody knows of any other downloadable CSP source code
I will be pleased to hear about it. Excuse me if this mail is a bit out of the
scope of the mailing list. Thanks in
advance,
Pablo
Cortijo.
Hi!
I would need to know what arguments or settings in configuration file to
use while create a certificate signing request for a Timestamping Authority
(TSA) (per RFC3161).
I guess that X509v3 Extended Key Usage must be timeStamp but don't know how
to set it.
Thanks in advance.
Pablo Rogina
Hey Brad, thank you for your response. It worked well. I've just had to
uncomment this line:
# This is required for TSA certificates.
extendedKeyUsage = critical,timeStamping
just for creating the TSA certificate in order to be used by mod_tsa under
Apache (www.opentsa.org)
Regards,
Pablo
Good morning. I need help to renew licences which are used for connections of
OpenVPN servers using OpenSSL
All are due. The question is: If ending this time of the certificate How do I
create another certificate without losing the VPN connection? According to the
manual to create a certificat
Look at :
http://spipe.sourceforge.net
The idea is to use in your Linux box a patch modified Apache / mod-ssl
server who deciphers all he receives in its 443 port, and if what he obtains
is not HTTP then it forwards the stream of bytes to a selected server. If it
is HTTP, it leaves Apache to mana
If it works with VB, and if you have the private key stored in usual Windows
certificate store perhaps your COM has problems to access the private key to
decipher data, because a service has no GUI to access the private key
password.
Also, it could be any other kind of error that happens when your
Look at:
http://marc.theaimsgroup.com/?l=openssl-dev&m=112092528123408&w=2
http://marc.theaimsgroup.com/?l=openssl-users&m=112352769609201&w=2
- Original Message -
From:
OpenSSLGRT
To: openssl-users@openssl.org
Sent: Thursday, January 19, 2006 10:30
PM
Subject: Open
Hi
May be this problem could nothing to do with OpenSSL?
I experienced this problem under a , non SSL, private protocol for sending
files to a server.
The symptons were VERY similar: a hang after sending a file to a server,
then exchanging little packets betwen client and server.
I made experime
> error:2106906D:lib(33):func(105):reason(109)
> error:21074041:lib(33):func(116):reason(65)
>From crypto/err/err.h you se the 33 sub-library is PKCS7.
>From pkcs7/pkcs7.h you see the 105 function is PKCS7_dataInit, and from that
file you see the reason 109 is "unknown digest type".
116 is the P
Hello:
I have a subject string in its common format:
C=XX /O=xxx /OU=yy /CN=z...etc
and I´d like to create a X509_NAME object with it, in order to handle its
different fields (X509_NAME_ENTRY) correctly.
Is there any function in OpenSSL X509 interface to do this (as easy as
p
May be the '+' simbol of "Telefonica
I+D" is not an allowed character in the subject for the software or codification
you are using?
It seems as if some part in it had
problems building a DN with that string.
- Original Message -
From:
Angel Martinez
Gonzalez
To: [EM
Title: Smart cards and private keys
OpenSSL does not manage that directly, but
it is possible: you will have to create a set of
functions using your own software, let's say using Windows CryptoAPI to
access smartcard , and then suply that callbacks to the RSA_METHOD
structure.
- Ori
Hi
¿Do you know if actual OpenSSL versions do (still)
compile with VC1.52 producing 16bit code?
I need PKCS7 support for an old 16bit
application.
Thanks
> > ¿Do you know if actual OpenSSL versions do (still) compile with VC1.52
producing 16bit code?
> > I need PKCS7 support for an old 16bit application.
> >
>
> It has not been tested for a long time and I'd be surprised if it still
> worked.
>
In that case, does anybody know which version was the
>
> Depends on what you mean by "PKCS7 handling" if you just mean being able
to
> parse PKCS#7 structures then even SSLeay would handle it. If you mean
S/MIME
> then it first appeared in 0.9.5 but there have been *many* security and
> bugfixing changes since then.
>
> You might be able to use Crypt
> There are some hooks for BER and streaming S/MIME in OpenSSL 0.9.8 but
that's
> only at an early stage and no one's really been that interested in it at
> present.
My program has to handle big PKCS7 files, so I´d be very interested in that
streaming.
I had to modify PKCS7_doit( ) routines to do
I can´t say what is exactly causing your problem,
but we had a very similar problem when stressing our OpenSSL applications with
100 threads. We did exactly the same that you: to use the callbacks you mention
in mttest.c.
Our problem was not to use certain reentrant
functions as books say (s
/*...*/ on selected parts) in several places we discovered were
the problem was.
It wasn´t easy: all I can say is that it
worked to find the errors.
Regards
Pablo J. Royo
- Original Message -
From:
Nauman
Akbar
To: openssl-users@openssl.org
Sent: Wednesday, April 06, 2005 2
There are a lot of ugly things in your code, but that strlen(firma) has no
sense. I think you are confusing the size of the private key RSA struct with
the size of the buffer you want to sign. Also, you are using strlen with a
buffer (firma) with any content and probaly not ended with 0, so it will
If you have control over the father process source code, I think it is
easier to accept( ) the incomming connection in the father process, then do
a fork( ) and let the child to stablish the SSL channel using the inherited
accepted socket returned by accept( ).
This way, you don´t need to share mem
I think you can try s_client program, in apps directory.
Using it, you can write "ssl on" after SSL negotiation and see what happens.
If it works, you can use it to build your program. It has all you need.
__
OpenSSL Project
I suppose this is not the right forum to ask for Smartphone issues.
Anyway, here:
http://www.jacco2.dds.nl/networking/crtimprt.html
may be you could find a way to do what you need , a little idea or maybe
something more.
He explains how to import a *personal* certificate and a CA certificate on
Try this
openssl smime -verify -in Assinador.tar.gz.pkcs7 -inform DER -content
Assinador.tar.gz -signer signer_certificate.pem -noverify
- Original Message -
From: "Andreas Hasenack" <[EMAIL PROTECTED]>
To:
Sent: Thursday, July 14, 2005 10:49 PM
Subject: How to verify a pkcs7 detached s
Hello all:
I´m tryng to generate a detached envelope from a
received implicit (non-detached) envelope.
The idea is to load the old non-detached envelope,
to copy it in a new PKCS7 envelope struct and then to delete the
encrypted data from that struct and dump it with i2d_PKCS7_bio to a
mem
Hi:
Is there any way to create a detached PKCS7
envelope with openssl utilities (smime) ?
Thanks
> >Is there any way to create a detached PKCS7 envelope with openssl
> >utilities (smime) ?
>
> Create S/MIME message and extract signature part using any
> mime-capable tool or just some text processing utitity
This is not an option, because I need to do this inside my programs.
I've be
> With some effort you even can keep every bit temporary data in the core
> memory, avoiding writing of temporary files. BIO abstraction in OpenSSL
> is powerful enough to do this.
The reason I want to use detached data, is to avoid having all my data in
memory. Now, OpenSSL handles all PKCS7 stu
Check if declarations for that functions are
enclosed in an #ifdef __cplusplus statement.
-Original Message-From:
Tugrul Bingol <[EMAIL PROTECTED]>To:
[EMAIL PROTECTED]
<[EMAIL PROTECTED]>Date:
lunes 17 de abril de 2000 18:17Subject: Error after
converti
Hi
I had the same problem, and I didn't find how to solve it except #undefining
that M_XXX macros in my source file,then #defining it correctly.After using
them in my file, you can letf then unchanged again if you like.
I´d like to know if there is a better (and elegant) way to do it.
Here it i
Hi
I´m using this cert from Baltimore with openssl0.9.5a.
I don´t know why they generate PEM certs with 76 chars in each line, instead
of 64 as everybody does.If you take the cert and manually put it with 64
chars per line and the "BEGIN/END CERTIFICATE" stuff all goes well, but if
not x509 comma
I think you could try this:
Extract *.o files in the static library with
ar -x libssl.a
Then link them again with:
ld -rpath "/usr/local/ssl" -shared -o libssl.so *.o
The command "file libssl.so" reports then:
libssl.so: ELF 32-bit LSB shared object, Intel 80386, version 1, not
stripped
so
See the Solaris2 FAQ, question five Q5 at
http://www.wins.uva.nl/pub/solaris/solaris2/
-Original Message-
From: Castellanos, Leon <[EMAIL PROTECTED]>
To: '[EMAIL PROTECTED]' <[EMAIL PROTECTED]>
Date: martes 19 de septiembre de 2000 17:15
Subject: SOLARIS 8 GCC 2.95.2 ld: fatal: file val
Sorry.The true page is
http://www.sunfreeware.com/faq.html
Question is Q5.
-Original Message-
From: Pablo J. Royo <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: martes 19 de septiembre de 2000 17:30
Subject: Re: SOLARIS 8 GCC 2.95.2 ld: fatal: file
I think you should change the line
int tNumSocketsReady = select(1, &tSet, NULL, NULL, &tTimeout);
by
int tNumSocketsReady = select( tSocketFD+1, &tSet, NULL, NULL,
&tTimeout);
If not, the descriptor you are selecting on may be totally wrong, so your
select() doesn´t works.
-Ori
I dont want to confuse you, so please disregard this if it sounds too
extrange.
I have seen similar problems when the proxy configuration wasnt correct
because the ports were wrongly mapped.Also, when a router in the path
between client and server had a broken router wich set the "DF" bit in
TCP/I
should try -ssl3/23 options in s_server
command.
Hope this helps
Pablo J. Royo
-Original Message-
From: Jorge Olmos <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: lunes 5 de febrero de 2001 12:18
Subject: error:wrong version number
>Hello,
>I want
://www.codeguru.com/internet/CSocksifiedSocket.htm
Hope this helps
Pablo J. Royo
-Original Message-
From: Vincent Toms <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: sábado 15 de septiembre de 2001 1:59
Subject: Using a proxy to my advantage
>Hello all,
> I
Hi:
I´ve faced the same problem.The true problem comes up when you want to
authenticate the remote server and in the process you resolve the IP of the
CN field of the certificate that he(the server) sends you during handshake
to see if its the same you are connected to.If this is the case (which
Hi :
I did exactly the same and it gave me the same error.
I have read you have to install Windows SDK to get the right libs and
headers (schannel.dll) installed in your machine in order to compile, but I
did that and errors were the same.
I hope you'll share the solution if you solve this.
-
ou can
do it.You have to change memory BIOs (yes,all the data is handled in memory) by
file BIOs.
Pablo J. Royo
- Original Message -
From:
Girish
Venkatachalam
To: [EMAIL PROTECTED]
Sent: Tuesday, May 14, 2002 3:28 PM
Subject: Large files with smime
Hi everyone,
Check this:
http://www.counterpane.com/yarrow.html
It's a "try icon" application for Windows, but you can change it to be a
service.
- Original Message -
From: "Edward Chan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 03, 2002 1:47 AM
Subject: Seeding the O
I'm compiling openssl with "Configure purify"
and I get the following "unresolved" errors:
des_options
/u0/common/sec/openssl-0.9.6l/apps/speed_pure_p9_c0_111202132_32.odes_crypt
/u0/common/sec/openssl-0.9.6l/apps/passwd_pure_p9_c0_1112021
--
Saludos Cordiales,
Juan Pablo Albuja
nceName = MADRID
localityName = BOADILLA DEL MONTE
organizationName = UNIVERSIDAD POLITECNICA DE MADRID
organizationalUnitName = DLSIIS
commonName = Juan Pablo Rojas Jimenez
Email = [EMAIL PROTECTED]
SPKAC= THE PUBLIC KEY GENERATED BY NETSCAPE ( OR IE )
I hope
Mario Fabiano wrote:
>Part 1.1Type: Plain Text (text/plain)
>Encoding: 7bit
Does anyone know how to do the same with ca -spkac option.
Tanks in advance.
begin:vcard
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
org:Faculad de Informática;DDpto. de Lengu
ke that:
ca -spkac data_of_the_requester -key your CA key -batch >
certificate_file
where the file data_of_the_requester is somthing like this:
countryName = ES
stateOrProvinceName = MADRID
localityName = BOADILLA DEL MONTE
organizationName = UNIVERSIDAD POLITECNICA DE MADRID
or
eytool and trying to
add it to java's cert store , it tells me that it cannot find the
certificate chain for that key.
Does anyone know what i'm doing wrong.
begin:vcard
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
org:Faculad de Informática;DDpto. de Lenguajes y Sistem
://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
begin:vcard
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
org:Faculad de Informática;DDpto. de Lenguajes y Sistemas Infotmáticos.
adr:;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Laboratorio de Teleinformática
x-mozilla-cpt:;-31968
fn:Juan Pablo Rojas Jimenez
end:vcard
> OpenSSL Project http://www.openssl.org
> User Support Mailing List[EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
begin:vcard
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
or
going on?
--
Democracy is two wolves and a sheep voting on what to have for dinner.
Liberty is two wolves attempting to have a sheep for dinner and
finding a well-informed, well-armed sheep.
.-.
/ .-.
61 matches
Mail list logo