On 11-04-17 10:56, c.hol...@ades.at wrote:
> Hi!
>
> Is it possible to get the distinguished name of issuer or subject in a
> escaped form out of the box?
Escaped for what? XML? SQL? HTML? Shell scripts? Maybe something else?
"Escaped form" isn't something that exists as
Hi!
Is it possible to get the distinguished name of issuer or subject in a
escaped form out of the box?
e.g.
C=US, O=test, Inc., OU=department=1, CN=tester "
C=US, O=test\, Inc., OU=department\=1, CN=tester \<sam\>"
cheers,
chris
--
openssl-users mailing list
To un
>From russellb...@gmail.com Fri Feb 17 09:50:52 MST 2017
to: openssl-users-requ...@openssl.org
subject: set digest
set digest
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Dear everyone,
I am using PyOpenSSL which is the thin wrapper of OpenSSL to add the
extension 'subject directory attributes' to a certificate by a Python
program. The extension names 'subjectDirAttrs' and
'subjectDirectoryAttributes' have been tried but the error occurs
On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza wrote:
> I just found it.
>
> Hope to help someone with same requirement.
>
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>
There's also Origin Bound Certificates
I just found it.
Hope to help someone with same requirement.
http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
2016-08-26 17:16 GMT-03:00 Juliano Souza :
> Hi!
>
>
>
> In order to authenticate users without user and
Hi!
In order to authenticate users without user and password, I’d like to
generate users .p12 .pfx certificates to install on their browsers and
identify them by CN.
Is there any howto or tutorial explaining some of...
1-Generate my own CA
2-Generate users .p12 / .pfx certs ?
3-In
We are using session resumption with openssl, and to support that we are
storing sessions in a file.
On the server side the allowed TLS version can be configured and server admin
can change it. It can
be changed for example to allow only TLS 1.2. The problem is that if the client
has SSL
On Wed, Nov 04, 2015 at 04:06:57PM +0100, Ben Humpert wrote:
> That guide is a little bit old and not very accurate. I setup my PKI
> using the OpenSSL Cookbook recommended to me by Rich Salz. This free
> guide / documentation is here:
> https://www.feistyduck.com/books/openssl-cookbook/ (Click
ation request using this tutorial and I use this
> tutorial to learn how to make a request with a Subject Alternate Name.
>
> I actually did manage to get lucky just now and I hypothesize that
> running a command like this 'openssl ca -in ldap01.req -out
> certs/new/ldap04.pem -exten
e:
>>
>> I created a local certification authority using this tutorial
>> https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian
>> and made a certification request using this tutorial and I use this
>> tutorial to learn ho
On 04.11.2015 16:13, Ben Humpert wrote:
Oh crappy Gmail stop creating broken links ...
openssl.cnf is at
https://drive.google.com/file/d/0B8gf20AKtya0VEhGYm82YUhraDQ/view?usp=sharing
reqs/client_sample.cnf is at
https://drive.google.com/file/d/0B8gf20AKtya0QWNIbjY0WUtLVEk/view?usp=sharing
t; and made a certification request using this tutorial and I use this
>> tutorial to learn how to make a request with a Subject Alternate Name.
>>
>> I actually did manage to get lucky just now and I hypothesize that
>> running a command like this 'openssl ca -in ldap01.req -out
to learn how to make a request with a Subject Alternate Name.
I actually did manage to get lucky just now and I hypothesize that
running a command like this 'openssl ca -in ldap01.req -out
certs/new/ldap04.pem -extensions v3_req -config ./openssl.cnf' as
opposed to running a command like this 'openssl ca
and made a certification request using this tutorial and I use this
tutorial to learn how to make a request with a Subject Alternate Name.
I actually did manage to get lucky just now and I hypothesize that
running a command like this 'openssl ca -in ldap01.req -out
certs/new/ldap04.pem
I created a local certification authority using this tutorial
https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian
and made a certification request using this tutorial and I use this
tutorial to learn how to make a request with a Subject
ternal format. Yet, the input "subject" is an X509*, the
internal format.
3 - Are these calls documented? They're not in my usual starting point
https://www.openssl.org/docs/man1.0.1/crypto/
nor are they on the X509 page.
On 9/22/2015 1:25 AM, Viktor Dukhovni wrote:
On Mon, Sep 2
ING (of type
ASN1_OCTET_STRING).
> 2 - For my education, I thought that d2i calls converted from DER to openssl
> internal format. Yet, the input "subject" is an X509*, the internal format.
While the certificate object is already decoded, its extensions are not,
they are stored in DER for
On Mon, Sep 21, 2015 at 06:29:02PM -0400, Ken Goldman wrote:
> How can I programmatically get the Subject Key Identifier as a byte array
> from an X509 certificate.
Unless I'm mistaken:
size_t len;
unsigned char *data;
ASN1_OCTET_STRING *skid;
skid = X509_get_ext_d2i(s
How can I programmatically get the Subject Key Identifier as a byte
array from an X509 certificate.
(Just to show that I tried before posting)
I would like the output as a byte array, not text, so tracing the
X509_print_fp() gave clues but not an answer.
I have the general sense that it's
WHAT
ROBERTO Y MARIBEL
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
confirm
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi All:
Now I want to create a certificate chain by myself.
It will looks like as below:
Server Certificate - Intermediate CA - Root CA.
Now I am using openssl command to create these certificate files.
# Create CA
openssl genrsa -out ca.key 4096
openssl req -new -x509 -nodes -sha1 -days 1825
Hi All:
As I know, When calculate Public key in certificate, it's SHA1 value
is equal to Subject Key Identifier in certificate, and I verify this,
and found that some websites are follow this.
But when I go to www.google.com website, I find the leaf certificate
and intermediate certificate is ok
:2a:c3:41:91:b6:c9:c2:b8:3e:55:f2:c0:97:11:13:a0:07:20
Subject Key Identifier: c0 7a 98 68 8d 89 fb ab 05 64 0c 11 7d aa 7d
65 b8 ca cc 4e
http://tools.ietf.org/html/rfc5280.html#section-4.2.1.2
notice the difference between MUST and SHOULD.
See the referenced RFC 2119 if necessary
On 05/11/2014 09:11, Jerry OELoo wrote:
Hi All:
As I know, When calculate Public key in certificate, it's SHA1 value
is equal to Subject Key Identifier in certificate, and I verify this,
and found that some websites are follow this.
But when I go to www.google.com website, I find the leaf
Right, that’s the main point. SKI is just an opaque identifier. It “used to”
“mostly” be SHA1 of the key, but there was never any requirement that it MUST
be so.
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.memailto:rs...@jabber.me Twitter: RichSalz
Hi,
I have a query for Ca-Cert list.
If at gateway we have configured two CA-certs A1 and A2 both having same
subject and content except time-stamp of generation.
If peer sends Cert matching to A2, gateway tries to validate it with
A1(subject being same and configured first in list
Bonjour,
No need to include openssl-dev here.
If A1 and A2 have the same subject, then they are 2 certificates for the
same CA. Therefore, your gateway is right in testing A1 first.
However, if your software is correctly configured, it should also test
A2. That's what OpenSSL does when given
Hi,
I have a query for Ca-Cert list.
If at gateway we have configured two CA-certs A1 and A2 both having same
subject and content except time-stamp of generation.
If peer sends Cert matching to A2, gateway tries to validate it with
A1(subject being same and configured first in list
I am working with OpenSSL and trying to trust multiple certificates with the
same subject but different hashes. The reason for this is I want to be able to
transition seamlessly from one certificate to the next on the host, and so for
a small period of time I want my devices to trust both
On Fri, Mar 21, 2014 at 07:21:50PM +, Kyle Tinker wrote:
*How do I trust two certificates with an identical subject (but
different hashes) at the same time?*
Give them different key identifiers. When determining whether a
given certificate is issued by a given authority, OpenSSL
I can create a CSR with the following:
$ openssl req -out ./test.csr -new -newkey rsa:2048 -nodes -keyout
./test.key -subj /emailAddress=j...@example.com/CN=John Does/C=US
However, the custom subject causes the CSR to lack other fields, like
State, Locality and Organization.
Is there a way
Hi,
We had a product which generate RSA/MD5 certificate.
Now I'm working on a custom openssl engine.
The goal is to generate X509 certificate with some new signature/digest
algorithms.
With engine, we do not need to re-code too much.
Now we can generate and sign certificate, but X509_verify()
Please remove from this mailing list. Thanks.
Bin Lu wrote:
If I use -nameopt utf8 option, the output of the subject is empty even for
ascii string subject DN. This does not seem to match what is said in the man
page. A bug?
Please try out with the attached certificate (removing the .txt ext).
Are the DN attributes with non-ASCII
Hi binlu
From: Bin Lu
Re-post … as nobody responded.
If I use “–nameopt utf8” option, the output of the subject is empty even
for ascii string subject DN. This does not seem to match what is said in the
man page. A bug?
this works for me for subject DNames with UTF8String encoded RDNs
Hi Bin,
# openssl x509 -in test.pem -noout -text -nameopt oneline,show_type
Subject: C = PRINTABLESTRING:US, ST = PRINTABLESTRING:California, O =
T61STRING:\C3\A6\C2\B7\C2\84\C3\A5\C2\8D\C2\9A\C3\A7\C2\BD\C2\91\C3\A7\C2\BB\C2\9C,
OU = PRINTABLESTRING:QA, CN =
T61STRING:www.d8t.net-\C3\A4\C2
Re-post ... as nobody responded.
If I use -nameopt utf8 option, the output of the subject is empty even for
ascii string subject DN. This does not seem to match what is said in the man
page. A bug?
Please try out with the attached certificate (removing the .txt ext).
Thanks,
-binlu
From
From: owner-openssl-us...@openssl.org On Behalf Of Sanjay Kumar (sanjaku5)
Sent: Friday, 28 June, 2013 06:58
I have a requirement to get unique certificate for each user.
To achieve that I am modifying the CN field of CERT subject name
by appending the user index to CN field.
Eg. If CN=sanjay
Hi All,
I have a requirement to get unique certificate for each user.
To achieve that I am modifying the CN field of CERT subject name by appending
the user index to CN field.
Eg.
If CN=sanjay
For userIndex 1, I want to modify it like CN=sanjay01, considering the user
count to 1
Hi All,
I have a requirement to get unique certificate for each user.
To achieve that I am modifying the CN field of CERT subject name by appending
the user index to CN field.
Eg.
If CN=sanjay
For userIndex 1, I want to modify it like CN=sanjay01, considering the user
count to 1
Hello.
I have this problem whith ssl.dev
This function:
*SMIME_read_PKCS7*
Return the error message when encryption is obtained from a digital
certificate of 1024 bits and a text of more than 392 characters:
*4618:error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough
I’m trying to understand some code someone wrote as a wrapper for the
openssl library / tool, with a view to updating it.
I'm completely new to openssl and PKI in general. I found the following
docs / references to help navigate but I wasn't able to find answer to my
question.
I read somewhere that subject commonName is now deprecated in favor of
subjectAltName.
Are there certs out there in the wild with no subject CN, only SAN?
-FG
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
Hello,
can someone please tell me the correct syntax and/or give me an example of
using NID id-pda-dateOfBirth
when requesting a certificate by calling
openssl req -config openssl.cnf -new -key cert.key -subj
/.../id-pda-dateOfBirth=? -out cert.csr
must there be something special in the
sometime investigating why this is, I found the server certificate
has the issuer in the form C=... ST=... L=... O=... OU=... CN=...
and the root CA has the identical string for both issuer and subject in the
reverse order CN=... OU=... O=... L=... St.. C...
As a result X509_Name_cmp fails
I think either you mis-read the web page, or the author is confused.
Looking at RFC 2253, it quotes X.501 which says:
DistinguishedName ::= RDNSequence
RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
RelativeDistinguishedName ::= SET SIZE (1..MAX) OF
AttributeTypeAndValue
Since you need authoritative elements, start by downloading and reading
authoritative documents (all are freely available from ITU-T website).
X.509, section 7:
-
[...]
The issuer and subject fields of each certificate are used, in part, to
identify a valid path. For each pair of adjacent
Ording is important. unfortunately the default order shown in the textual
form is not the same as for ldap tools. using openssl asn1parse shows
the encoding, country code should come first.
__
OpenSSL Project
Is there way to get some 3rd party documentation about advanced
configuration of ssl.
I need to
1) Get rid from linkage
b75d6000-b75e6000 r-xp 08:03 54611
/lib/i386-linux-gnu/i686/cmov/libresolv-2.13.so
b75e6000-b75e7000 r--p 0001 08:03 54611
I saw the message below which indicates that as of 9/2011 CMS_verify does
not support RSA_PKCS1_PSS_PADDING. Has this been fixed since then?
I have a CMS on a secure ID card which uses PSS. If this is not fixed, I
could send the CMS if that would be useful.
I also have some experience with the
从三星手机发送
: couldn't get X509-subject!
curl_easy_perform() failed: SSL connect error error no is 35 .
I viewed the root certiciate using tool , I could see the subject
field in the ceritificate .
It is very unlikely curl is looking at the subject in the root
(CA) cert; that is not relevant to anything
request
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# Include email address in subject alt name: another PKIX
recommendation # subjectAltName=email:copy # Copy issuer details #
issuerAltName
, digitalSignature, keyEncipherment
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
subjectAltName = @alt_names
[alt_names]
DNS.1 = server.domain.com
DNS.2 = server_name
Thanks,
Hector L. Jaquez Jr
On 12/10/2012 2:43 PM, Jaquez Jr, Hector L. wrote:
Hello All,
I am having an issue trying to get my server read the SAN entries
that I have configured in my cnf file. I created a .CSR file (2048) and
had our PKI folks generate the certificate (.p7b) so that I could import
it into my
On Thu, Oct 25, 2012, Ken Goldman wrote:
I've managed to parse the odd X509 certificate I received. Now I
have to create one.
It should look like the below.
X509v3 extensions:
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2
I've managed to parse the odd X509 certificate I received. Now I have
to create one.
It should look like the below.
X509v3 extensions:
X509v3 Subject Alternative Name: critical
DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391
Is there an SSL command that can be used to display CA cert information
extracted from the certificate path associated with a cert?
From: owner-openssl-us...@openssl.org On Behalf Of shailesh durgapal
Sent: Tuesday, 16 October, 2012 17:14
I am seeing inconsistent values returned from BIO_read for
different IP addresses. My certificate has:
X509v3 extensions:
X509v3 Subject Alternative Name
I am seeing inconsistent values returned from BIO_read for different IP
addresses.
My certificate has:
X509v3 extensions:
X509v3 Subject Alternative Name:
IP Address:10.112.245.153
The code looks something like:
static int sslPrintf(BIO * bio, const char * format
Got it. thanks very much.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of lists
Sent: Thursday, October 04, 2012 12:01 PM
To: openssl-users@openssl.org
Subject:
We know how to extract the subject and issuer from a cert
Thank you Dr. Henson. Got it.
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Thursday, October 04, 2012 12:22 PM
To: openssl-users@openssl.org
Subject: Re: how to extract O= and OU= from a subject
We know how to extract the subject and issuer from a cert sent by a peer. Can
anyone point out where we get started to look into how to extract the
Organization and organizationalUnit attributes?
It's not obvious from the API definitions and I've been searching the
openssl-users archive
We know how to extract the subject and issuer from a cert sent by a peer.
Can anyone point out where we get started to look into how to extract
the Organization and organizationalUnit attributes?
It’s not obvious from the API definitions and I’ve been searching
the openssl-users archive but I
On Wed, Oct 03, 2012, mclellan, dave wrote:
We know how to extract the subject and issuer from a cert sent by a peer.
Can anyone point out where we get started to look into how to extract the
Organization and organizationalUnit attributes?
It's not obvious from the API definitions
Hi,
there are two open source CA systems I am aware of, although I haven't tried
them out.
I think they can be a good starting point instead of doing everything from
scratch :-)
http://pki.fedoraproject.org/wiki/PKI_Main_Page
http://openca.org/projects.shtml
marco
PS: Adding a Subject line
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni)
mmolt...@cisco.com wrote:
Hi,
there are two open source CA systems I am aware of, although I haven't tried
them out.
I think they can be a good starting point instead of doing everything from
scratch :-)
On 26.07.2012 12:57, Tom Browder wrote:
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni)
mmolt...@cisco.com wrote:
Hi,
there are two open source CA systems I am aware of, although I
haven't tried them out.
Also make sure to check out OpenXPKI (http://www.openxpki.org/)
On Thu, Jul 26, 2012 at 5:57 AM, Tom Browder tom.brow...@gmail.com wrote:
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni)
mmolt...@cisco.com wrote:
Hi,
there are two open source CA systems I am aware of, although I haven't tried
them out.
I think they can be a good starting
On Thu, Jul 26, 2012 at 6:20 AM, Florian Rüchel
florian.ruec...@ruhr-uni-bochum.de wrote:
...
Also make sure to check out OpenXPKI (http://www.openxpki.org/)
Now that looks much better!
Best regards,
-Tom
__
OpenSSL Project
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel
florian.ruec...@ruhr-uni-bochum.de wrote:
On 26.07.2012 12:57, Tom Browder wrote:
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni)
mmolt...@cisco.com wrote:
Hi,
there are two open source CA systems I am aware of, although I haven't
://pki.fedoraproject.org/wiki/PKI_Main_Page
http://openca.org/projects.shtml
marco
PS: Adding a Subject line helps...
Thanks. That was a case of a click finger that was too fast. I hadn't
realized I' sent it without a subject until I started getting replies.
I'll take a look at these sites and see how far
On Thu, Jul 26, 2012 at 7:56 AM, Ted Byers r.ted.by...@gmail.com wrote:
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel
florian.ruec...@ruhr-uni-bochum.de wrote:
Also make sure to check out OpenXPKI (http://www.openxpki.org/)
And I just found
Hi All
I just subscribed to this list.
I have some familiarity with openssl having used it to generate self
signed keys for testing secured web applications (on Apache 2.2),
prior to deployment, at which time my colleagues would buy a server
certificate from one of the usual CAs, such as
On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers r.ted.by...@gmail.com wrote:
Hi All
Hi, Ted. I, too, have been looking for something like you have. I am
in the process of creating a Perl program that may be able to help you
(for at least part of your requirements), but I first can point you to
one
you
(for at least part of your requirements), but I first can point you to
one of the most current references I can find for openssl
configuration:
http://www.phildev.net/ssl/
Hi Tom, and thanks. Sorry, I didn't realize I had sent my original message
without a subject.
I am an old hand
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote:
...
On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote:
...
I will provide the user passwords for the client certs. to my
intermediate helpers via the USPO and the individual client
certificates via
On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder tom.brow...@gmail.com wrote:
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote:
On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote:
...
Thanks. Let me know when I can take a look at yor script. I'd also
remove
a webserver with a duplicate common name field. Are both
names valid as the server name then? I.e. could I access a webserver
with the certificate subject as stated above by DNS foo *and* bar or
only by one of them?
One reason to ask for equality is that there maybe is a certificate X:
issuerX = /O
? For
example, assume a webserver with a duplicate common name field. Are both
names valid as the server name then? I.e. could I access a webserver
with the certificate subject as stated above by DNS foo *and* bar or
only by one of them?
This is not specified by X.509. Browsers tend to accept
order of the relative
disdintiguised names that make up the sequence of the distinguished name.
For
example, assume a webserver with a duplicate common name field. Are both
names valid as the server name then?
No.
I.e. could I access a webserver
with the certificate subject as stated above
Hi, crypto guys!
I have problem with EVP_PKEY_decrypt() function and 4K RSA private key
decrypting data encrypted with EVP_PKEY_encrypt() and corresponding
public key. Keys generated using openssl CA shell script.
EVP_PKEY_decrypt() just returns -2 saying that this key is not
supported. BUT!
Hi folks,
I'm looking for openssl information on extracting a certificate's list of
Subject Alternative names for matching a query substring to select a
certificate in particular contexts. All the openssl sample code that I've
managed to find seems to be more heavy-weight than I'm interested
Folks,
While mopping up some residuals on CVE-2012-0654 I came across something which
looks like odd behaviour:
1) OpenSSL nicely verifies the authorityKeyIdentifier. Good.
2) It nicely rejects/fails if the SHA1 checksum is wrong.
BUT
3) It seems to NOT fail if the octedstring
a href=http://dev.igd.tw/jeancouk/wp-content/uploads/2012/01/jrklre.html;
http://dev.igd.tw/jeancouk/wp-content/uploads/2012/01/jrklre.html/a
Hi ,
I am new to this openssl libraries.
I am facing a issue in the below code.
When I encrypt, it is giving all zeroes as output. And when I decrypt I am
not getting the exact message.
Please, I need help in this.
#define BUFSIZE 1024
int main(int argc, char *argv[])
{
What do you think strlen(in) will return? You are mixing up variable length C
strings (nul terminated) with binary data - always pass the true data length
Carl
On Thu 29/03/12 12:58 PM , Chandrasekhar chandrasek...@evolute-sys.com sent:
Hi ,
I am new to this openssl libraries.
I am
Hi All,
We are using Openssl in one of our product. The version we are using is
openssl-0.9.7l.
We want to know the TLS version implemented in this version of openssl. I
gone through some of the documents and found the version is TLS 1.0.
I wanted to confirm this with you people whether this is
Hi, I have problem with generate pks12 certificate for digital signing of
email. Can I ask how to add this field to subject?
openssl ca -in request.pem -out cert.pem -subj /emailAddress=
petr.kostr...@xxx.cz/CN=Petr Kostroun/OU=EMPLOYEE/O=xxx/ST=Czech
Republic/C=CZ -conf ./openssl.cnf
Output
tls_www_client
tls_www_server
signing_key
encryption_key
All seems to be ok,
but when I am typing openssl x509 -text -in www.ppprod.biz.scsr
-noout -subject
I see
...
subject=
/C=\xA8\xAE\x96\xBF\xD44/O=\xA8\xAE\x96\xBF\xD44/OU=\xA8\xAE\x96\xBF\xD44/L=\xA8\xAE\x96\xBF\xD44/ST=\xA8\xAE\x96\xBF\xD44
of Christian Hohnstaedt [christ...@hohnstaedt.de]
Sent: Thursday, January 13, 2011 11:21 PM
To: openssl-users@openssl.org
Subject: Re: Custom Attributes in the Subject of X.509 Certificate
On Wed, Jan 12, 2011 at 10:19:59PM -0800, Scott Thomas wrote:
Bonjour All,
First i explain the scenarion. My
Bonjour All,
First i explain the scenarion. My domain name is lets say idtech.com. Under it
i
have created an ou=certificate users. Users are created under this OU.
So my FQDN of a user is CN=scott,OU=Certificate Users,DC=idtech,DC=com. Same
FQDN is in the subject of the user certificate SC
http://capitolbird.org/mas5.html
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager
Hello, brothers and sisters help me. See attached for details.
I use Windows 7 64bit OS on ASRock Motherboard, MinGW-5.1.6 + MSYS-1.0.11,
msysDTK-1.0.1, other windows platform requirements for squid,
squid-2.7.STABLE8, and also squid-2.7.STABLE9 it gives stack.o error,
Win64OpenSSL_light-1_0_0a
Hi there:
Yes - the right way is to correctly configure the extensions in the openssl.cnf
used on the CA, and have the SAN and Subject NOT be used out of the request,
but be input from the CA.
If you need to see how this might be done, we've got a tutorial at:
http://www.carillon.ca/library
Hi all,
I have to generate a KDC certificate containing Subject alternative name
extension using openssl which includes the following details:
**
The KDC's X.509 certificate MUST contain name
101 - 200 of 564 matches
Mail list logo