Re: [openssl-users] Escaped Issuer/Subject

2017-04-11 Thread Wouter Verhelst
On 11-04-17 10:56, c.hol...@ades.at wrote:
> Hi!
>
> Is it possible to get the distinguished name of issuer or subject in a
> escaped form out of the box?

Escaped for what? XML? SQL? HTML? Shell scripts? Maybe something else? "Escaped form" isn't something that exists as

[openssl-users] Escaped Issuer/Subject

2017-04-11 Thread c.hol...@ades.at
Hi! Is it possible to get the distinguished name of issuer or subject in an escaped form out of the box? e.g. C=US, O=test, Inc., OU=department=1, CN=tester " C=US, O=test\, Inc., OU=department\=1, CN=tester \<sam\>" cheers, chris -- openssl-users mailing list To un

[openssl-users] (no subject)

2017-02-17 Thread russellbell
>From russellb...@gmail.com Fri Feb 17 09:50:52 MST 2017 to: openssl-users-requ...@openssl.org subject: set digest set digest -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Does OpenSSL support the extension 'subject directory attributes'?

2016-12-08 Thread Aow Tea
Dear everyone, I am using PyOpenSSL which is the thin wrapper of OpenSSL to add the extension 'subject directory attributes' to a certificate by a Python program. The extension names 'subjectDirAttrs' and 'subjectDirectoryAttributes' have been tried but the error occurs

Re: [openssl-users] (no subject)

2016-08-26 Thread Jeffrey Walton
On Fri, Aug 26, 2016 at 6:56 PM, Juliano Souza wrote:
> I just found it.
>
> Hope to help someone with same requirement.
>
> http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html
>

There's also Origin Bound Certificates

Re: [openssl-users] (no subject)

2016-08-26 Thread Juliano Souza
I just found it. Hope to help someone with same requirement. http://www.cafesoft.com/products/cams/ps/docs32/admin/ConfiguringApache2ForSSLTLSMutualAuthentication.html

2016-08-26 17:16 GMT-03:00 Juliano Souza :
> Hi!
>
>
>
> In order to authenticate users without user and

[openssl-users] (no subject)

2016-08-26 Thread Juliano Souza
Hi! In order to authenticate users without user and password, I’d like to generate users .p12 .pfx certificates to install on their browsers and identify them by CN. Is there any howto or tutorial explaining some of... 1-Generate my own CA 2-Generate users .p12 / .pfx certs ? 3-In

[openssl-users] (no subject)

2016-07-29 Thread Prabhat Puroshottam
We are using session resumption with openssl, and to support that we are storing sessions in a file. On the server side the allowed TLS version can be configured and server admin can change it. It can be changed for example to allow only TLS 1.2. The problem is that if the client has SSL

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-04 Thread Brian Reichert
On Wed, Nov 04, 2015 at 04:06:57PM +0100, Ben Humpert wrote:
> That guide is a little bit old and not very accurate. I setup my PKI
> using the OpenSSL Cookbook recommended to me by Rich Salz. This free
> guide / documentation is here:
> https://www.feistyduck.com/books/openssl-cookbook/ (Click

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-04 Thread Ben Humpert
ation request using this tutorial and I use this
> tutorial to learn how to make a request with a Subject Alternate Name.
>
> I actually did manage to get lucky just now and I hypothesize that
> running a command like this 'openssl ca -in ldap01.req -out
> certs/new/ldap04.pem -exten

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-04 Thread Ben Humpert
e:
>>
>> I created a local certification authority using this tutorial
>> https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian
>> and made a certification request using this tutorial and I use this
>> tutorial to learn ho

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-04 Thread Walter H.
On 04.11.2015 16:13, Ben Humpert wrote: Oh crappy Gmail stop creating broken links ... openssl.cnf is at https://drive.google.com/file/d/0B8gf20AKtya0VEhGYm82YUhraDQ/view?usp=sharing reqs/client_sample.cnf is at https://drive.google.com/file/d/0B8gf20AKtya0QWNIbjY0WUtLVEk/view?usp=sharing

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-03 Thread John Lewis
t; and made a certification request using this tutorial and I use this
>> tutorial to learn how to make a request with a Subject Alternate Name.
>>
>> I actually did manage to get lucky just now and I hypothesize that
>> running a command like this 'openssl ca -in ldap01.req -out

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-03 Thread Walter H.
to learn how to make a request with a Subject Alternate Name. I actually did manage to get lucky just now and I hypothesize that running a command like this 'openssl ca -in ldap01.req -out certs/new/ldap04.pem -extensions v3_req -config ./openssl.cnf' as opposed to running a command like this 'openssl ca

Re: [openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-03 Thread Walter H.
and made a certification request using this tutorial and I use this tutorial to learn how to make a request with a Subject Alternate Name. I actually did manage to get lucky just now and I hypothesize that running a command like this 'openssl ca -in ldap01.req -out certs/new/ldap04.pem

[openssl-users] How do I configure my Certification Authority to pay attention to Subject Alternate Names

2015-11-03 Thread John Lewis
I created a local certification authority using this tutorial https://www.debian-administration.org/article/284/Creating_and_Using_a_self_signed__SSL_Certificates_in_debian and made a certification request using this tutorial and I use this tutorial to learn how to make a request with a Subject

Re: [openssl-users] X509 subject key identifier

2015-09-22 Thread Ken Goldman
ternal format. Yet, the input "subject" is an X509*, the internal format. 3 - Are these calls documented? They're not in my usual starting point https://www.openssl.org/docs/man1.0.1/crypto/ nor are they on the X509 page. On 9/22/2015 1:25 AM, Viktor Dukhovni wrote: On Mon, Sep 2

Re: [openssl-users] X509 subject key identifier

2015-09-22 Thread Viktor Dukhovni
ING (of type ASN1_OCTET_STRING).

> 2 - For my education, I thought that d2i calls converted from DER to openssl
> internal format. Yet, the input "subject" is an X509*, the internal format.

While the certificate object is already decoded, its extensions are not, they are stored in DER for

Re: [openssl-users] X509 subject key identifier

2015-09-21 Thread Viktor Dukhovni
On Mon, Sep 21, 2015 at 06:29:02PM -0400, Ken Goldman wrote:
> How can I programmatically get the Subject Key Identifier as a byte array
> from an X509 certificate.

Unless I'm mistaken:

    size_t len;
    unsigned char *data;
    ASN1_OCTET_STRING *skid;
    skid = X509_get_ext_d2i(s

[openssl-users] X509 subject key identifier

2015-09-21 Thread Ken Goldman
How can I programmatically get the Subject Key Identifier as a byte array from an X509 certificate. (Just to show that I tried before posting) I would like the output as a byte array, not text, so tracing the X509_print_fp() gave clues but not an answer. I have the general sense that it's

[openssl-users] (no subject)

2015-07-21 Thread ROBERTO Y MARIBEL
WHAT ROBERTO Y MARIBEL

[openssl-users] (no subject)

2015-02-17 Thread Sørebø Linda
confirm

[no subject]

2014-11-26 Thread Jerry OELoo
Hi All: Now I want to create a certificate chain by myself. It will look like below: Server Certificate - Intermediate CA - Root CA. Now I am using openssl command to create these certificate files. # Create CA openssl genrsa -out ca.key 4096 openssl req -new -x509 -nodes -sha1 -days 1825

Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Jerry OELoo
Hi All: As I know, When calculate Public key in certificate, its SHA1 value is equal to Subject Key Identifier in certificate, and I verify this, and found that some websites follow this. But when I go to www.google.com website, I find the leaf certificate and intermediate certificate is ok

RE: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Dave Thompson
:2a:c3:41:91:b6:c9:c2:b8:3e:55:f2:c0:97:11:13:a0:07:20 Subject Key Identifier: c0 7a 98 68 8d 89 fb ab 05 64 0c 11 7d aa 7d 65 b8 ca cc 4e http://tools.ietf.org/html/rfc5280.html#section-4.2.1.2 notice the difference between MUST and SHOULD. See the referenced RFC 2119 if necessary

Re: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Jakob Bohm
On 05/11/2014 09:11, Jerry OELoo wrote: Hi All: As I know, When calculate Public key in certificate, it's SHA1 value is equal to Subject Key Identifier in certificate, and I verify this, and found that some websites are follow this. But when I go to www.google.com website, I find the leaf

RE: Why public key SHA1 is not same as Subject key Identifier

2014-11-05 Thread Salz, Rich
Right, that’s the main point. SKI is just an opaque identifier. It “used to” “mostly” be SHA1 of the key, but there was never any requirement that it MUST be so. -- Principal Security Engineer, Akamai Technologies IM: rs...@jabber.me Twitter: RichSalz

Query reg multiple CA-Cert in list with same subject

2014-06-10 Thread Mukesh Yadav
Hi, I have a query for Ca-Cert list. If at gateway we have configured two CA-certs A1 and A2 both having same subject and content except time-stamp of generation. If peer sends Cert matching to A2, gateway tries to validate it with A1(subject being same and configured first in list

Re: Query reg multiple CA-Cert in list with same subject

2014-06-10 Thread Erwann Abalea
Bonjour, No need to include openssl-dev here. If A1 and A2 have the same subject, then they are 2 certificates for the same CA. Therefore, your gateway is right in testing A1 first. However, if your software is correctly configured, it should also test A2. That's what OpenSSL does when given

[no subject]

2014-06-10 Thread Zhang, Ping (Unisphere)

Query reg multiple CA-Cert in list with same subject

2014-06-09 Thread Mukesh Yadav
Hi, I have a query for Ca-Cert list. If at gateway we have configured two CA-certs A1 and A2 both having same subject and content except time-stamp of generation. If peer sends Cert matching to A2, gateway tries to validate it with A1(subject being same and configured first in list

Trusting multiple certificates for the same host with same subject

2014-03-21 Thread Kyle Tinker
I am working with OpenSSL and trying to trust multiple certificates with the same subject but different hashes. The reason for this is I want to be able to transition seamlessly from one certificate to the next on the host, and so for a small period of time I want my devices to trust both

Re: Trusting multiple certificates for the same host with same subject

2014-03-21 Thread Viktor Dukhovni
On Fri, Mar 21, 2014 at 07:21:50PM +, Kyle Tinker wrote: *How do I trust two certificates with an identical subject (but different hashes) at the same time?* Give them different key identifiers. When determining whether a given certificate is issued by a given authority, OpenSSL

CSR and custom Subject DN

2014-01-28 Thread Jeffrey Walton
I can create a CSR with the following: $ openssl req -out ./test.csr -new -newkey rsa:2048 -nodes -keyout ./test.key -subj /emailAddress=j...@example.com/CN=John Does/C=US However, the custom subject causes the CSR to lack other fields, like State, Locality and Organization. Is there a way

[no subject]

2014-01-26 Thread cellecial
Hi, We had a product which generate RSA/MD5 certificate. Now I'm working on a custom openssl engine. The goal is to generate X509 certificate with some new signature/digest algorithms. With engine, we do not need to re-code too much. Now we can generate and sign certificate, but X509_verify()

[no subject]

2013-12-16 Thread Patetta, Nicholas
Please remove from this mailing list. Thanks.

Re: FW: multi-byte subject DN display

2013-09-12 Thread Michael Ströder
Bin Lu wrote: If I use -nameopt utf8 option, the output of the subject is empty even for ascii string subject DN. This does not seem to match what is said in the man page. A bug? Please try out with the attached certificate (removing the .txt ext). Are the DN attributes with non-ASCII

RE: multi-byte subject DN display

2013-09-12 Thread Eisenacher, Patrick
Hi binlu From: Bin Lu Re-post … as nobody responded. If I use “–nameopt utf8” option, the output of the subject is empty even for ascii string subject DN. This does not seem to match what is said in the man page. A bug? this works for me for subject DNames with UTF8String encoded RDNs

Re: multi-byte subject DN display

2013-09-12 Thread Frank Migge
Hi Bin, # openssl x509 -in test.pem -noout -text -nameopt oneline,show_type Subject: C = PRINTABLESTRING:US, ST = PRINTABLESTRING:California, O = T61STRING:\C3\A6\C2\B7\C2\84\C3\A5\C2\8D\C2\9A\C3\A7\C2\BD\C2\91\C3\A7\C2\BB\C2\9C, OU = PRINTABLESTRING:QA, CN = T61STRING:www.d8t.net-\C3\A4\C2

FW: multi-byte subject DN display

2013-09-11 Thread Bin Lu
Re-post ... as nobody responded. If I use -nameopt utf8 option, the output of the subject is empty even for ascii string subject DN. This does not seem to match what is said in the man page. A bug? Please try out with the attached certificate (removing the .txt ext). Thanks, -binlu From

RE: need to modifying the CN field of CERT subject name

2013-07-05 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of Sanjay Kumar (sanjaku5) Sent: Friday, 28 June, 2013 06:58 I have a requirement to get unique certificate for each user. To achieve that I am modifying the CN field of CERT subject name by appending the user index to CN field. Eg. If CN=sanjay

need to modifying the CN field of CERT subject name

2013-07-03 Thread Sanjay Kumar (sanjaku5)
Hi All, I have a requirement to get unique certificate for each user. To achieve that I am modifying the CN field of CERT subject name by appending the user index to CN field. Eg. If CN=sanjay For userIndex 1, I want to modify it like CN=sanjay01, considering the user count to 1

need to modifying the CN field of CERT subject name

2013-06-28 Thread Sanjay Kumar (sanjaku5)
Hi All, I have a requirement to get unique certificate for each user. To achieve that I am modifying the CN field of CERT subject name by appending the user index to CN field. Eg. If CN=sanjay For userIndex 1, I want to modify it like CN=sanjay01, considering the user count to 1

[no subject]

2013-06-05 Thread Enrique Reyes Bermúdez
Hello. I have this problem with ssl.dev This function: *SMIME_read_PKCS7* Return the error message when encryption is obtained from a digital certificate of 1024 bits and a text of more than 392 characters: *4618:error:0D06B08E:asn1 encoding routines:ASN1_D2I_READ_BIO:not enough

[no subject]

2013-03-14 Thread Chubby Wl
I’m trying to understand some code someone wrote as a wrapper for the openssl library / tool, with a view to updating it. I'm completely new to openssl and PKI in general. I found the following docs / references to help navigate but I wasn't able to find answer to my question.

Certs without subject commonName?

2013-02-13 Thread Felipe Gasper
I read somewhere that subject commonName is now deprecated in favor of subjectAltName. Are there certs out there in the wild with no subject CN, only SAN? -FG -- Sent from my Android phone with K-9 Mail. Please excuse my brevity.

id-pda-dateOfBirth in Subject?

2013-02-08 Thread Walter H.
Hello, can someone please tell me the correct syntax and/or give me an example of using NID id-pda-dateOfBirth when requesting a certificate by calling openssl req -config openssl.cnf -new -key cert.key -subj /.../id-pda-dateOfBirth=? -out cert.csr must there be something special in the

Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Simner, John
sometime investigating why this is, I found the server certificate has the issuer in the form C=... ST=... L=... O=... OU=... CN=... and the root CA has the identical string for both issuer and subject in the reverse order CN=... OU=... O=... L=... St.. C... As a result X509_Name_cmp fails

RE: Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Salz, Rich
I think either you mis-read the web page, or the author is confused. Looking at RFC 2253, it quotes X.501 which says: DistinguishedName ::= RDNSequence RDNSequence ::= SEQUENCE OF RelativeDistinguishedName RelativeDistinguishedName ::= SET SIZE (1..MAX) OF AttributeTypeAndValue

Re: [openssl-users] Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Erwann Abalea
Since you need authoritative elements, start by downloading and reading authoritative documents (all are freely available from ITU-T website). X.509, section 7: - [...] The issuer and subject fields of each certificate are used, in part, to identify a valid path. For each pair of adjacent

Re: [openssl-users] Is ordering of distinguished names for subject and issuer in OpenSSl 0.9.8 certificates important?

2013-02-08 Thread Peter Sylvester
Ordering is important. Unfortunately the default order shown in the textual form is not the same as for ldap tools. Using openssl asn1parse shows the encoding, country code should come first. __ OpenSSL Project

[no subject]

2013-01-08 Thread Serhiy Ivanov
Is there way to get some 3rd party documentation about advanced configuration of ssl. I need to 1) Get rid from linkage b75d6000-b75e6000 r-xp 08:03 54611 /lib/i386-linux-gnu/i686/cmov/libresolv-2.13.so b75e6000-b75e7000 r--p 0001 08:03 54611

[no subject]

2013-01-03 Thread Chris Bare
I saw the message below which indicates that as of 9/2011 CMS_verify does not support RSA_PKCS1_PSS_PADDING. Has this been fixed since then? I have a CMS on a secure ID card which uses PSS. If this is not fixed, I could send the CMS if that would be useful. I also have some experience with the

[no subject]

2012-12-26 Thread 梁子
Sent from a Samsung phone

RE: subject field issue in openssl certificate

2012-12-16 Thread Dave Thompson
: couldn't get X509-subject! curl_easy_perform() failed: SSL connect error error no is 35 . I viewed the root certificate using tool , I could see the subject field in the certificate . It is very unlikely curl is looking at the subject in the root (CA) cert; that is not relevant to anything

RE: Subject Alternate Names (SANS)

2012-12-11 Thread Jaquez Jr, Hector L.
request [ v3_req ] # Extensions to add to a certificate request basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName

Subject Alternate Names (SANS)

2012-12-10 Thread Jaquez Jr, Hector L.
, digitalSignature, keyEncipherment # Include email address in subject alt name: another PKIX recommendation # subjectAltName=email:copy # Copy issuer details # issuerAltName=issuer:copy subjectAltName = @alt_names [alt_names] DNS.1 = server.domain.com DNS.2 = server_name Thanks, Hector L. Jaquez Jr

Re: Subject Alternate Names (SANS)

2012-12-10 Thread Jakob Bohm
On 12/10/2012 2:43 PM, Jaquez Jr, Hector L. wrote: Hello All, I am having an issue trying to get my server read the SAN entries that I have configured in my cnf file. I created a .CSR file (2048) and had our PKI folks generate the certificate (.p7b) so that I could import it into my

Re: Creating X509 certificate subject alt name in C

2012-10-26 Thread Dr. Stephen Henson
On Thu, Oct 25, 2012, Ken Goldman wrote: I've managed to parse the odd X509 certificate I received. Now I have to create one. It should look like the below. X509v3 extensions: X509v3 Subject Alternative Name: critical DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2

Creating X509 certificate subject alt name in C

2012-10-25 Thread Ken Goldman
I've managed to parse the odd X509 certificate I received. Now I have to create one. It should look like the below. X509v3 extensions: X509v3 Subject Alternative Name: critical DirName:/2.23.133.2.1=id:57454300/2.23.133.2.2=NPCT42x/NPCT50x/2.23.133.2.3=id:0391

[no subject]

2012-10-22 Thread Kevin Butters
Is there an SSL command that can be used to display CA cert information extracted from the certificate path associated with a cert?

RE: reading IP addresses from Subject Alternate Name extension

2012-10-18 Thread Dave Thompson
From: owner-openssl-us...@openssl.org On Behalf Of shailesh durgapal Sent: Tuesday, 16 October, 2012 17:14 I am seeing inconsistent values returned from BIO_read for different IP addresses. My certificate has: X509v3 extensions: X509v3 Subject Alternative Name

reading IP addresses from Subject Alternate Name extension

2012-10-17 Thread shailesh durgapal
I am seeing inconsistent values returned from BIO_read for different IP addresses. My certificate has: X509v3 extensions: X509v3 Subject Alternative Name: IP Address:10.112.245.153 The code looks something like: static int sslPrintf(BIO * bio, const char * format

re: how to extract O= and OU= from a subject cert

2012-10-05 Thread mclellan, dave
Got it. thanks very much. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of lists Sent: Thursday, October 04, 2012 12:01 PM To: openssl-users@openssl.org Subject: We know how to extract the subject and issuer from a cert

RE: how to extract O= and OU= from a subject cert

2012-10-05 Thread mclellan, dave
Thank you Dr. Henson. Got it. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dr. Stephen Henson Sent: Thursday, October 04, 2012 12:22 PM To: openssl-users@openssl.org Subject: Re: how to extract O= and OU= from a subject

how to extract O= and OU= from a subject cert

2012-10-04 Thread mclellan, dave
We know how to extract the subject and issuer from a cert sent by a peer. Can anyone point out where we get started to look into how to extract the Organization and organizationalUnit attributes? It's not obvious from the API definitions and I've been searching the openssl-users archive

[no subject]

2012-10-04 Thread lists
We know how to extract the subject and issuer from a cert sent by a peer. Can anyone point out where we get started to look into how to extract the Organization and organizationalUnit attributes? It’s not obvious from the API definitions and I’ve been searching the openssl-users archive but I

Re: how to extract O= and OU= from a subject cert

2012-10-04 Thread Dr. Stephen Henson
On Wed, Oct 03, 2012, mclellan, dave wrote: We know how to extract the subject and issuer from a cert sent by a peer. Can anyone point out where we get started to look into how to extract the Organization and organizationalUnit attributes? It's not obvious from the API definitions

how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Marco Molteni (mmolteni)
Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-) http://pki.fedoraproject.org/wiki/PKI_Main_Page http://openca.org/projects.shtml marco PS: Adding a Subject line

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting point instead of doing everything from scratch :-)

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Florian Rüchel
On 26.07.2012 12:57, Tom Browder wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. Also make sure to check out OpenXPKI (http://www.openxpki.org/)

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 5:57 AM, Tom Browder tom.brow...@gmail.com wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't tried them out. I think they can be a good starting

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 6:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: ... Also make sure to check out OpenXPKI (http://www.openxpki.org/) Now that looks much better! Best regards, -Tom

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Ted Byers
On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: On 26.07.2012 12:57, Tom Browder wrote: On Thu, Jul 26, 2012 at 3:45 AM, Marco Molteni (mmolteni) mmolt...@cisco.com wrote: Hi, there are two open source CA systems I am aware of, although I haven't

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Ted Byers
://pki.fedoraproject.org/wiki/PKI_Main_Page http://openca.org/projects.shtml marco PS: Adding a Subject line helps... Thanks. That was a case of a click finger that was too fast. I hadn't realized I'd sent it without a subject until I started getting replies. I'll take a look at these sites and see how far

Re: how to setup my now CA and where to find an easy to understand guide about PKI (was Re: empty subject)

2012-07-26 Thread Tom Browder
On Thu, Jul 26, 2012 at 7:56 AM, Ted Byers r.ted.by...@gmail.com wrote: On Thu, Jul 26, 2012 at 7:20 AM, Florian Rüchel florian.ruec...@ruhr-uni-bochum.de wrote: Also make sure to check out OpenXPKI (http://www.openxpki.org/) And I just found

[no subject]

2012-07-25 Thread Ted Byers
Hi All I just subscribed to this list. I have some familiarity with openssl having used it to generate self signed keys for testing secured web applications (on Apache 2.2), prior to deployment, at which time my colleagues would buy a server certificate from one of the usual CAs, such as

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 12:49 PM, Ted Byers r.ted.by...@gmail.com wrote: Hi All Hi, Ted. I, too, have been looking for something like you have. I am in the process of creating a Perl program that may be able to help you (for at least part of your requirements), but I first can point you to one

Re: (no subject): SSL Configuration

2012-07-25 Thread Ted Byers
you (for at least part of your requirements), but I first can point you to one of the most current references I can find for openssl configuration: http://www.phildev.net/ssl/ Hi Tom, and thanks. Sorry, I didn't realize I had sent my original message without a subject. I am an old hand

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote: ... On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote: ... I will provide the user passwords for the client certs. to my intermediate helpers via the USPO and the individual client certificates via

Re: (no subject): SSL Configuration

2012-07-25 Thread Tom Browder
On Wed, Jul 25, 2012 at 4:15 PM, Tom Browder tom.brow...@gmail.com wrote: On Wed, Jul 25, 2012 at 3:40 PM, Ted Byers r.ted.by...@gmail.com wrote: On Wed, Jul 25, 2012 at 4:03 PM, Tom Browder tom.brow...@gmail.com wrote: ... Thanks. Let me know when I can take a look at your script. I'd also

no subject

2012-07-14 Thread Philip Landreth
remove

X.509 certificate subject format

2012-07-02 Thread Johannes Bauer
a webserver with a duplicate common name field. Are both names valid as the server name then? I.e. could I access a webserver with the certificate subject as stated above by DNS foo *and* bar or only by one of them? One reason to ask for equality is that there maybe is a certificate X: issuerX = /O

Re: [openssl-users] X.509 certificate subject format

2012-07-02 Thread Erwann Abalea
? For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then? I.e. could I access a webserver with the certificate subject as stated above by DNS foo *and* bar or only by one of them? This is not specified by X.509. Browsers tend to accept

Re: X.509 certificate subject format

2012-07-02 Thread Peter Sylvester
order of the relative distinguished names that make up the sequence of the distinguished name. For example, assume a webserver with a duplicate common name field. Are both names valid as the server name then? No. I.e. could I access a webserver with the certificate subject as stated above

[no subject]

2012-05-28 Thread Alexey Lukin
Hi, crypto guys! I have problem with EVP_PKEY_decrypt() function and 4K RSA private key decrypting data encrypted with EVP_PKEY_encrypt() and corresponding public key. Keys generated using openssl CA shell script. EVP_PKEY_decrypt() just returns -2 saying that this key is not supported. BUT!

X509 Subject Alternative Name

2012-05-24 Thread Nou Dadoun
Hi folks, I'm looking for openssl information on extracting a certificate's list of Subject Alternative names for matching a query substring to select a certificate in particular contexts. All the openssl sample code that I've managed to find seems to be more heavy-weight than I'm interested

Corrupted issuer subject id ignored (when not critical) (Was: CVE-2012-0654)

2012-05-22 Thread Dirk-Willem van Gulik
Folks, While mopping up some residuals on CVE-2012-0654 I came across something which looks like odd behaviour: 1) OpenSSL nicely verifies the authorityKeyIdentifier. Good. 2) It nicely rejects/fails if the SHA1 checksum is wrong. BUT 3) It seems to NOT fail if the octet string

[no subject]

2012-04-03 Thread M
http://dev.igd.tw/jeancouk/wp-content/uploads/2012/01/jrklre.html

[no subject]

2012-03-30 Thread Chandrasekhar
Hi, I am new to this openssl libraries. I am facing an issue in the below code. When I encrypt, it is giving all zeroes as output. And when I decrypt I am not getting the exact message. Please, I need help in this. #define BUFSIZE 1024 int main(int argc, char *argv[]) {

Re: No Subject

2012-03-30 Thread carlyoung
What do you think strlen(in) will return? You are mixing up variable length C strings (nul terminated) with binary data - always pass the true data length Carl On Thu 29/03/12 12:58 PM , Chandrasekhar chandrasek...@evolute-sys.com sent: Hi , I am new to this openssl libraries. I am

[no subject]

2012-01-23 Thread ramanujan ilayaperumal
Hi All, We are using Openssl in one of our product. The version we are using is openssl-0.9.7l. We want to know the TLS version implemented in this version of openssl. I gone through some of the documents and found the version is TLS 1.0. I wanted to confirm this with you people whether this is

How to add emailAdress to subject in certificate

2011-08-19 Thread Petr Kostroun
Hi, I have problem with generate pks12 certificate for digital signing of email. Can I ask how to add this field to subject? openssl ca -in request.pem -out cert.pem -subj /emailAddress= petr.kostr...@xxx.cz/CN=Petr Kostroun/OU=EMPLOYEE/O=xxx/ST=Czech Republic/C=CZ -conf ./openssl.cnf Output

x509 cert contains subject in hexa code

2011-03-06 Thread Dimitri BOUWYN
tls_www_client tls_www_server signing_key encryption_key All seems to be ok, but when I am typing openssl x509 -text -in www.ppprod.biz.scsr -noout -subject I see ... subject= /C=\xA8\xAE\x96\xBF\xD44/O=\xA8\xAE\x96\xBF\xD44/OU=\xA8\xAE\x96\xBF\xD44/L=\xA8\xAE\x96\xBF\xD44/ST=\xA8\xAE\x96\xBF\xD44

RE: Custom Attributes in the Subject of X.509 Certificate

2011-01-14 Thread Rene Hollan
of Christian Hohnstaedt [christ...@hohnstaedt.de] Sent: Thursday, January 13, 2011 11:21 PM To: openssl-users@openssl.org Subject: Re: Custom Attributes in the Subject of X.509 Certificate On Wed, Jan 12, 2011 at 10:19:59PM -0800, Scott Thomas wrote: Bonjour All, First i explain the scenarion. My

Custom Attributes in the Subject of X.509 Certificate

2011-01-12 Thread Scott Thomas
Bonjour All, First i explain the scenarion. My domain name is lets say idtech.com. Under it i have created an ou=certificate users. Users are created under this OU. So my FQDN of a user is CN=scott,OU=Certificate Users,DC=idtech,DC=com. Same FQDN is in the subject of the user certificate SC

[no subject]

2010-10-06 Thread acastanheira2001
http://capitolbird.org/mas5.html

[no subject]

2010-09-28 Thread squid
Hello, brothers and sisters help me. See attached for details. I use Windows 7 64bit OS on ASRock Motherboard, MinGW-5.1.6 + MSYS-1.0.11, msysDTK-1.0.1, other windows platform requirements for squid, squid-2.7.STABLE8, and also squid-2.7.STABLE9 it gives stack.o error, Win64OpenSSL_light-1_0_0a

Re: Confusion about subject alternative names - resolved

2010-09-22 Thread Patrick Patterson
Hi there: Yes - the right way is to correctly configure the extensions in the openssl.cnf used on the CA, and have the SAN and Subject NOT be used out of the request, but be input from the CA. If you need to see how this might be done, we've got a tutorial at: http://www.carillon.ca/library

Subject alternative name problem

2010-09-22 Thread Vinay Kumar L
Hi all, I have to generate a KDC certificate containing Subject alternative name extension using openssl which includes the following details: ** The KDC's X.509 certificate MUST contain name
