Thanks for your answer too, I had already seen this wiki page before
posting but I didn't find in it any info on how to do that; I'll look
into it again and try harder then.
F. Delente
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
On Fri, Oct 6, 2017 at 12:22 PM, Fabrice Delente wrote:
> OK, I understand, thanks for your answer! I'll look into building
> openvpn 2.4.3 from source.
I believe you only have to set Fedora's security policy to allow MD5.
That is covered in the Fedora wiki page you were
OK, I understand, thanks for your answer! I'll look into building
openvpn 2.4.3 from source.
F. Delente
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Hi,
On 06/10/17 17:26, Fabrice Delente wrote:
Hello,
Until two days ago I used OpenVPN to connect to my workplace, on a
non-security sensitive tunnel (just for convenience).
However, OpenSSL updated on my machine (Fedora 26), and now the
certificate is rejected:
Fri Oct 6 17:25:06 2017
> Until two days ago I used OpenVPN to connect to my workplace, on a
> non-security sensitive tunnel (just for convenience).
>
> However, OpenSSL updated on my machine (Fedora 26), and now the
> certificate is rejected:
>
> ...
> routines:SSL_CTX_use_certificate:ca md too weak
> Fri Oct 6
Hello,
Until two days ago I used OpenVPN to connect to my workplace, on a
non-security sensitive tunnel (just for convenience).
However, OpenSSL updated on my machine (Fedora 26), and now the
certificate is rejected:
Fri Oct 6 17:25:06 2017 OpenVPN 2.4.4 x86_64-redhat-linux-gnu [SSL
(OpenSSL)]
Hi,
Does X509_verify_cert() checks KeyUsage extension?
Is there any API to check whether the CA certificate is properly used based
on the
Criticality specified in the certificate?
[Eg. CRL signing, Key Cert signing etc.]
Thanks.
--
openssl-users mailing list
To unsubscribe:
On 29/07/2016 06:13, asmar...@yahoo.com wrote:
Hi,
I am new to SSL stuff.
I was wondering whether the CA chain of a certificate can be changed.
Let say the initial chain is
Server->Intermediate CA1->Intermediate CA2->Root CA
and during renewal we have Server->Root CA
Renewal creates a
On Sat, Dec 05, 2015 at 07:55:50PM +0100, Walter H. wrote:
> my website has an official SSL certificate, which I renewed this year to
> have a SHA-256 certificate;
> when I test my site with SSLLabs.com, I'm shows two certificate paths:
>
> the first one:
> my SSL cert (SHA-256) sent by server
>
Hello,
my website has an official SSL certificate, which I renewed this year to
have a SHA-256 certificate;
when I test my site with SSLLabs.com, I'm shows two certificate paths:
the first one:
my SSL cert (SHA-256) sent by server (SHA1 Fingerprint:
0fae9fd23852fb834fe4f32d7d3c73714daa6aa9)
On 05.12.2015 20:20, Viktor Dukhovni wrote:
On Sat, Dec 05, 2015 at 07:55:50PM +0100, Walter H. wrote:
my website has an official SSL certificate, which I renewed this year to
have a SHA-256 certificate;
when I test my site with SSLLabs.com, I'm shows two certificate paths:
the first one:
my
Hi,
Thanks for your response. I'm sorry my question wasn't clearly defined
(it was will this file work correctly? If so, why?), but you seem to
have answered nonetheless, thank you.
As a followup question, is there a way to include these certs in the way
originally intended by the mozilla
Bonjour,
Le 25/11/2013 17:14, Sassan Panahinejad a écrit :
I am dealing with a CA certificate bundle, similar to this one:
https://github.com/twitter/secureheaders/blob/master/config/curl-ca-bundle.crt,
like the example, the one I am dealing with was automatically
generated from mozilla's
Hi Erwann,
Thanks for your response. I'm sorry my question wasn't clearly defined (it
was will this file work correctly? If so, why?), but you seem to have
answered nonetheless, thank you.
As a followup question, is there a way to include these certs in the way
originally intended by the mozilla
Excellent, just what I was looking for and incidentally a source I can cite
to my client. Many thanks!
On 25 November 2013 17:24, Ralph Holz ralph-devn...@ralphholz.de wrote:
Hi,
Thanks for your response. I'm sorry my question wasn't clearly defined
(it was will this file work correctly?
From: owner-openssl-us...@openssl.org On Behalf Of Peter Lin
Sent: Wednesday, 01 June, 2011 04:35
I am having a similar problem here: history snipped
For some reason I need to renew/extend a intermediate certificate
within a chain. Without setting the old serial
I am having a similar problem here:
For some reason I need to renew/extend a intermediate certificate within a
chain. Without setting the old serial number, all its descending certs
verification will fail when use 'openssl verify'.
So the question is: Is there anyway to issuing a new signing
If this isn't resolved yet, can you post the contents of the old cert, new
cert and the user cert?
-Sandeep
On Fri, May 20, 2011 at 8:33 PM, Alex Bergmann a...@linlab.net wrote:
Hi Erwann!
On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
old end-user certificates can only be verified by the
Hodie XIV Kal. Iun. MMXI, Dave Thompson scripsit:
From: owner-openssl-us...@openssl.org On Behalf Of Erwann ABALEA
Sent: Thursday, 19 May, 2011 04:20
Hodie XV Kal. Iun. MMXI, Alex Bergmann scripsit:
snip: renew CA
The only way I found was to give the new Root Certificate the same
Hi Erwann!
On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
old end-user certificates can only be verified by the old CA
certificate, of course (in case the CA is renewed, with its key
changed, etc).
I didn't renew the CA certificate, I've used the existing private key
to create thr new one.
Hi Erwann!
On 05/19/2011 10:20 AM, Erwann ABALEA wrote:
old end-user certificates can only be verified by the old CA
certificate, of course (in case the CA is renewed, with its key
changed, etc).
I didn't renew the CA certificate, I've used the existing private key
to create thr new one.
Hodie XV Kal. Iun. MMXI, Alex Bergmann scripsit:
On 05/18/2011 11:17 AM, Erwann ABALEA wrote:
Bonjour,
Hodie XV Kal. Iun. MMXI, Jean-Ann GUEGAN scripsit:
Hi !
It’s possible to renew a Certificate Autority or extend the date
validity
?
These 2 options are possible.
From: owner-openssl-us...@openssl.org On Behalf Of Erwann ABALEA
Sent: Thursday, 19 May, 2011 04:20
Hodie XV Kal. Iun. MMXI, Alex Bergmann scripsit:
snip: renew CA
The only way I found was to give the new Root Certificate the same
serial number as the previous one.
That's forbidden by
Bonjour,
Hodie XV Kal. Iun. MMXI, Jean-Ann GUEGAN scripsit:
Hi !
It’s possible to renew a Certificate Autority or extend the date validity
?
These 2 options are possible.
Recertify (i.e. sign the same certificate, but change the serial
number and validity dates) is the least
On 05/18/2011 11:17 AM, Erwann ABALEA wrote:
Bonjour,
Hodie XV Kal. Iun. MMXI, Jean-Ann GUEGAN scripsit:
Hi !
It’s possible to renew a Certificate Autority or extend the date validity
?
These 2 options are possible.
Recertify (i.e. sign the same certificate, but change the
25 matches
Mail list logo