Re: Unable to load self-signed certificate

2022-07-29 Thread radiatejava
Actually the error is: 533:error:02001002:system library:fopen:No such file or directory:bss_file.c:175:fopen('/opt/ssl-v1.02u/ssl/cert.pem','r') 533:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:182: 533:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system li

Unable to load self-signed certificate

2022-07-27 Thread radiatejava
Hello experts I used to load a self-signed cert using a program like below: X509_STORE_set_verify_cb_func(lCertCtx, UserCert_cb_check_cert); lLookup = X509_STORE_add_lookup(lCertCtx, X509_LOOKUP_file()); error = X509_LOOKUP_load_file(lLookup, NULL, X509_FILETYPE_DEFAULT); It was all working great

Re: facing issue in sha512 self - signed certificate

2021-04-22 Thread Mark Hack
You will need to be a lot more specific - this works fine openssl s_client -connect localhost:443 | openssl x509 -noout -text Can't use SSL_get_servername depth=0 C = US, ST = TX, L = Somewhere, O = MarkHack, OU = Test, CN = fakeserver.com verify error:num=18:self signed certificate verify r

Re: facing issue in sha512 self - signed certificate

2021-04-22 Thread Vadivel P
Hi All, Looking for the same support of SHA512. Do we have sha512 support in any open source ? Please let me know. Regards, Vadivel On Mon, Apr 19, 2021, 13:15 preethi teekaraman wrote: > Hi Openssl, > > I'm creating sha512 self signed certificate for establishing connection >

facing issue in sha512 self - signed certificate

2021-04-19 Thread preethi teekaraman
Hi Openssl, I'm creating sha512 self signed certificate for establishing connection between client and server(nginx server). creating separate key, cert for server and root cert for client. below is the link i followed for cert creation: https://gist.github.com/f

Re: How to establish a connection with self signed certificate

2021-03-28 Thread Dmitry Belyavsky
sion to create self > signed certificate with sha256 algorithm. > > I tried loading the certs in device and in server side. The client sends > "hello packet" to server and server refused to connect with an error " > alert internal error ". The handshake failing between

How to establish a connection with self signed certificate

2021-03-28 Thread preethi teekaraman
Hi I'm using latest version 1.1.1i 8 Dec 2020 openssl version to create self signed certificate with sha256 algorithm. I tried loading the certs in device and in server side. The client sends "hello packet" to server and server refused to connect with an error " alert i

Re: [openssl-users] [Newsletter] Re: self-signed certificate won't work in my app but works with s_client

2016-07-04 Thread Salz, Rich
ow the CA? You still have to add the CA to your local trust store. Otherwise, you'd blindly accept *every* self-signed certificate, right? -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: [openssl-users] [Newsletter] Re: self-signed certificate won't work in my app but works with s_client

2016-07-04 Thread Carl Heyendal
sl-users-boun...@openssl.org] On Behalf Of Matthew Donald Sent: July-01-16 12:09 AM To: openssl-users@openssl.org Subject: [Newsletter] Re: [openssl-users] self-signed certificate won't work in my app but works with s_client "error 18:self signed certificate" is the expected result if you a

Re: [openssl-users] self-signed certificate won't work in my app but works with s_client

2016-06-30 Thread Matthew Donald
"error 18:self signed certificate" is the expected result if you are validating a self-signed cert. In certificate verification, the code needs to check for X509_V_OK, X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT and X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. X509_V_OK is a n

[openssl-users] self-signed certificate won't work in my app but works with s_client

2016-06-30 Thread Carl Heyendal
I am working with the example apps in the "Networking Security with OpenSSL" book and up until now have been able to get client/server examples 1,2,3 to work. But now I'm trying to connect to an in-house tool but I'm getting the error "error 18:self signed certificate"

RE: Error 18: self signed certificate

2013-11-20 Thread Mark Currie
> To: openssl-users@openssl.org > Subject: RE: Error 18: self signed certificate > > > From: owner-openssl-users On Behalf Of Mark Currie > > Sent: Monday, November 18, 2013 03:24 > > > I also managed to get self-signed certs to work like this but does > > anyone

RE: Error 18: self signed certificate

2013-11-18 Thread Dave Thompson
Behalf Of Manoj > > Sent: 18 November 2013 10:09 > > To: openssl-users@openssl.org > > Subject: Re: Error 18: self signed certificate > > > > Thanks Guys for the help, I got it working by loading the location using > API > > SSL_CTX_load_verify_locations(). The

RE: Error 18: self signed certificate

2013-11-18 Thread Mark Currie
Of Manoj > Sent: 18 November 2013 10:09 > To: openssl-users@openssl.org > Subject: Re: Error 18: self signed certificate > > Thanks Guys for the help, I got it working by loading the location using API > SSL_CTX_load_verify_locations(). The location where I have the certificate >

Re: Error 18: self signed certificate

2013-11-18 Thread Manoj
) without having it in the trust-store? or Let me put in other words , Server application verifiying clients with each client having its own self signed certificate, Does the server require any prior information about certificates (i.e. having them as part of cert trust store)? Or Is there any way

Re: Error 18: self signed certificate

2013-11-17 Thread Elluru, Krishna
need to add the ceritificate to trusted list. if (ctx->check_issued(ctx, x, x)) { /* we have a self signed certificate */ if (sk_X509_num(ctx->chain) == 1) { /* We have a single self signed certi

RE: Error 18: self signed certificate

2013-11-16 Thread Dave Thompson
gned certifcates at all, the openssl ca > command would be a simple option to generate a few certificates signed > by the self-signed one. You would put the self-signed certificate into > the trusted certificates folder on the client and the server and use two > other certificates in the

Re: Error 18: self signed certificate

2013-11-15 Thread Walter H.
wrote: Hi, I am trying to create a client/server application on windows 7, where I have used self signed certificate at server side as well as at client side. I used SSL_CTX_use_certificate_file and then SSL_CTX_use_PrivateKey_file API to load the certificate and key. When there is a SSL_connect

Re: Error 18: self signed certificate

2013-11-15 Thread Martin Hecht
e. You would put the self-signed certificate into the trusted certificates folder on the client and the server and use two other certificates in the API on the client and the server respectively. best regards, Martin _

Error 18: self signed certificate

2013-11-15 Thread Manoj
Hi, I am trying to create a client/server application on windows 7, where I have used self signed certificate at server side as well as at client side. I used SSL_CTX_use_certificate_file and then SSL_CTX_use_PrivateKey_file API to load the certificate and key. When there is a SSL_connect() call

Re: Verifying self-signed certificate

2013-11-15 Thread Martin Hecht
Hi Manoj, if you want to generate just one selfsigned certificate, this would be the easiest: # generate key and self signed cert with one command openssl req -x509 -nodes -days 3650 \ -subj '/C=DE/ST=some-state/L=somewhere/CN=example.com' \ -newkey rsa:1024 -keyout key.pem -out cert.pem # ver

Re: Verifying self-signed certificate

2013-11-15 Thread Manoj
Hi, Can you post the complete command to generate the self signed certificate , the case where the verification worked for you? Thanks -- View this message in context: http://openssl.6102.n7.nabble.com/Verifying-self-signed-certificate-tp18922p47362.html Sent from the OpenSSL - User mailing

verifying signature of self-signed certificate

2013-11-08 Thread Dimitrios Apostolou
Hello list, given that I know in advance the remote end's RSA public key, and that the remote end is responding to my TLS handshake with a self-signed certificate signed by his private RSA key, then what is the proper way of verifying that nobody has tampered with the connection? What

Re: Self-Signed Certificate Verification failure

2013-05-16 Thread isshed
Thanks Dave for the response. On Wed, May 15, 2013 at 11:29 PM, Dave Thompson wrote: > >From: owner-openssl-us...@openssl.org On Behalf Of isshed > >Sent: Wednesday, 15 May, 2013 08:25 > > >I have a self-signed certificate installed on a server with > >the followin

RE: Self-Signed Certificate Verification failure

2013-05-15 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of isshed >Sent: Wednesday, 15 May, 2013 08:25 >I have a self-signed certificate installed on a server with >the following extensions fields. >Key Usage:Digital Signature, Key Encipherment (a0) >Basic Constraints :

Self-Signed Certificate Verification failure

2013-05-15 Thread isshed
Hi all, I have a self-signed certificate installed on a server with the following extensions fields. = Key Usage:Digital Signature, Key Encipherment (a0

RE: Automating self signed certificate creation

2012-11-02 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Mauricio Tavares > Sent: Friday, 02 November, 2012 16:53 > On Fri, Nov 2, 2012 at 4:23 PM, Ken Goldman > wrote: > > I create a self signed certificate using > > > >> openssl req -new -x509 -key ... -out ...

Re: Automating self signed certificate creation

2012-11-02 Thread Felipe Gasper
On 2.11.12 3:23 PM, Ken Goldman wrote: I create a self signed certificate using > openssl req -new -x509 -key ... -out ... -days ... It then prompts for the country, state, locality, etc. Is there a way to enter that data on the command line or in a configuration file to avoid the prom

Re: Automating self signed certificate creation

2012-11-02 Thread Mauricio Tavares
On Fri, Nov 2, 2012 at 4:23 PM, Ken Goldman wrote: > I create a self signed certificate using > >> openssl req -new -x509 -key ... -out ... -days ... > > It then prompts for the country, state, locality, etc. > > Is there a way to enter that data on the command line or i

Automating self signed certificate creation

2012-11-02 Thread Ken Goldman
I create a self signed certificate using > openssl req -new -x509 -key ... -out ... -days ... It then prompts for the country, state, locality, etc. Is there a way to enter that data on the command line or in a configuration file to avoid the prompts? I tried -config and a configurat

RE: exception when using Self Signed Certificate

2012-10-04 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar >Sent: Thursday, 04 October, 2012 14:31 >I have a self signed certificate created and i have loaded that >into a trust store of the client. I have also configured the Server >with that self signed certificate. S

Re: Self-signed certificate

2012-09-26 Thread Curt Sampson
On 2012-09-24 20:55 + (Mon), Nou Dadoun wrote: > Quick question: is there a simple openssl api call which will tell me > if an x509 certificate is self-signed? ... N Will simply comparing the issuer and the subject DNs in the cert do what you need? Or do you need to check validity, the Author

Self-signed certificate

2012-09-24 Thread Nou Dadoun
Quick question: is there a simple openssl api call which will tell me if an x509 certificate is self-signed? ... N --- Nou Dadoun ndad...@teradici.com 604-628-1215 __ OpenSSL Project http://www.

RE: CA for IIS-issued self-signed certificate?

2012-08-14 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Tuesday, 14 August, 2012 08:09 > > if your self-signed cert has a KeyUsage extension that does > > not include certSign, > > OpenSSL skips it for chain-building, resulting in verify 20. > > Looks like the latter to me. P

RE: CA for IIS-issued self-signed certificate?

2012-08-14 Thread Charles Mills
ha1WithRSAEncryption -END CERTIFICATE- Charles -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Monday, August 13, 2012 7:09 PM To: openssl-users@openssl.org Subject: RE: CA for IIS-issued s

RE: CA for IIS-issued self-signed certificate?

2012-08-13 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Charles Mills > Sent: Saturday, 11 August, 2012 08:57 > I wondered if perhaps there were path or filename > specification problems > (need to escape backslashes? a problem with embedded spaces?) but I > eliminated all of those variables -- put

RE: CA for IIS-issued self-signed certificate?

2012-08-11 Thread Charles Mills
..@mcn.org] Sent: Friday, August 10, 2012 8:54 PM To: 'openssl-users@openssl.org' Subject: RE: CA for IIS-issued self-signed certificate? > If you ... subsequently call set_default_verify_paths, the later call overrides and > (only) the default file and/or directory are used. Than

RE: CA for IIS-issued self-signed certificate?

2012-08-10 Thread Charles Mills
> If you ... subsequently call set_default_verify_paths, the later call overrides and > (only) the default file and/or directory are used. Thanks. I wondered about that. I commented it out though and still get exactly the same result. I also added a certificate verify callback. I come through the

RE: CA for IIS-issued self-signed certificate?

2012-08-10 Thread Dave Thompson
erver product (Kiwi Server) that is running on a VM on > my system. > > Kiwi *only* accepts IIS-issued certificates. I issued a > certificate using > IIS 7.5 Manager "Issue Self-Signed Certificate." Windows 7 says "This > certificate is OK." > >

CA for IIS-issued self-signed certificate?

2012-08-10 Thread CharlesTSR
ssued certificates. I issued a certificate using IIS 7.5 Manager "Issue Self-Signed Certificate." Windows 7 says "This certificate is OK." My client follows the general scheme of the client in Chapter 5 of the O'Reilly OpenSSL book. I know am getting the certificate back cor

RE: [openssl-users] Weird not-so-self-signed certificate

2012-08-06 Thread Dave Thompson
ed certificate is certainly such a DANE one. > Specifically, as I responded Friday to a post from Harald Latzko "RE: TLS server/client with self-signed certificate" : OpenSSL won't verify a self-signed cert *or* a "real" CA cert if it has KeyUsage that excludes certSign

Re: [openssl-users] Weird not-so-self-signed certificate

2012-08-06 Thread Erwann Abalea
sing, I'd expect a lookup fail at depth 1. When I create a self-signed certificate: $ openssl req -new -x509 -nodes -out foobar.crt And check it then: $ openssl verify -CApath /dev/null -CAfile foobar.crt foobar.crt foobar.crt: OK I'm puzzled and before jumping to conclusions wanted to a

Weird not-so-self-signed certificate

2012-08-06 Thread Johannes Bauer
okup fail at depth 1. When I create a self-signed certificate: $ openssl req -new -x509 -nodes -out foobar.crt And check it then: $ openssl verify -CApath /dev/null -CAfile foobar.crt foobar.crt foobar.crt: OK I'm puzzled and before jumping to conclusions wanted to ask you first what you thi

RE: TLS server/client with self-signed certificate

2012-08-03 Thread Dave Thompson
d the cert in the truststore. > > As above, check it is in the directory with the correct hash. > See above: it's the case actually. > > > > Errors in cert attributes (like BC) give other error codes. > Are there any more errors? I can't see any. Another point to

Re: TLS server/client with self-signed certificate

2012-08-03 Thread Harald Latzko
inking trust via subject hash is used) for self-signed >> certificate in general? >> This rule is no longer entirely true. > > The new rule is to stop when reaching a cert in your local trusted > or banned list, self-signed or otherwise, and to not check if the > self-signature

Re: TLS server/client with self-signed certificate

2012-08-03 Thread Jakob Bohm
this mechanism works normally. >> certificate verify error 20: unable to get local issuer certificate: >> My opinion is that the self-signed certificate has the X509v3 basic constraint >> CA flag set to "false": > >> A connect via "openssl s_client"

Re: TLS server/client with self-signed certificate

2012-08-03 Thread Harald Latzko
ainst the commandline tool version. I also added an unneeded link named the old hashing method (parameter "-subject_hash_old" for openssl commandline tool). Since I've got a bunch of working connection via various CAs, I assume this mechanism works normally. >> certificate

RE: TLS server/client with self-signed certificate

2012-08-02 Thread Dave Thompson
>From: owner-openssl-us...@openssl.org On Behalf Of Harald Latzko >Sent: Thursday, 02 August, 2012 03:03 > self-signed certificate as attached to this mail (can be retrieved >from the TLS server 87.236.105.37:6619). My TLS client uses the >following options: >SSL_CTX_load_ve

TLS server/client with self-signed certificate

2012-08-02 Thread Harald Latzko
Hello, I've got a question regarding self-signed X509v3 certificates used in a TLS1.0 server/client environment. A communication partner uses a self-signed certificate as attached to this mail (can be retrieved from the TLS server 87.236.105.37:6619). My TLS client uses the following op

RE: OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

2011-12-15 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of rey sebastien > Sent: Wednesday, 14 December, 2011 07:33 > I have some problem with nested subdomain and wildcard openssl > certificate.. > When i create the self signed certificate, i enter CN = >

Re: OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

2011-12-14 Thread Peter Sylvester
create the self signed certificate, i enter CN = *.parisgeo.cnrs.fr, but it's seems it's impossible to connect on this site for example partage.parisgeo.cnrs.fr with this configuration ! Arg. your connexion works fine up to the point of certificate verification. openssl s_client doe

OpenSSL and apache2 wildcard self-signed certificate for nested subdomain

2011-12-14 Thread rey sebastien
Hello users :) I have some problem with nested subdomain and wildcard openssl certificate.. perhaps this is because the subdomain type is : site1.parisgeo.cnrs.fr, or site2.parisgeo.cnrs.fr, or other subdomain like .parisgeo.cnrs.fr When i create the self signed certificate, i enter CN

RE: Help neede Generating a V3 self-signed certificate from a CSR

2011-11-14 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of Benoit Rouleau > Sent: Friday, 11 November, 2011 12:19 > I have a problem. I am attempting to generate a self-signed > (for internal use) certificate with multiple SAN and all I can get > is a V1 certificate with no SAN at al

Help neede Generating a V3 self-signed certificate from a CSR

2011-11-11 Thread Benoit Rouleau
OpenSSL genrsa -out test.key 2048 # Generate the certificate signature request OpenSSL req -new -key test.key -config test.cfg -out test.csr # Generate the self signed certificate OpenSSL x509 -req -days 3650 -signkey test.key -in test.csr -out test.crt Included are all the file created (Key

Re: OpenSSL FIPS module self signed certificate creation failed

2011-08-28 Thread rockrider33
> binary (usr/local/ssl/fips1-0/bin) >> Note: my machine already installed with openssl 0.9.8h. I didnt uninstall >> it. >> >> what i tried is, >> 1.executed /usr/local/ssl/fips1-0/bin/openssl this binary and created >> self >> signed certificate "key

Re: OpenSSL FIPS module self signed certificate creation failed

2011-08-26 Thread Dr. Stephen Henson
sion 4.3.4 > > I hope installation was successful and it created FIPS module and openssl > binary (usr/local/ssl/fips1-0/bin) > Note: my machine already installed with openssl 0.9.8h. I didnt uninstall > it. > > what i tried is, > 1.executed /usr/local/ssl/fips1-0/bin/ope

OpenSSL FIPS module self signed certificate creation failed

2011-08-25 Thread rockrider33
(usr/local/ssl/fips1-0/bin) Note: my machine already installed with openssl 0.9.8h. I didnt uninstall it. what i tried is, 1.executed /usr/local/ssl/fips1-0/bin/openssl this binary and created self signed certificate "key" -successful 2.Using same command, trying to create certificate

Re: Verifying self-signed certificate

2010-11-30 Thread iruvopenssl
is: >> Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd >> > >Well that's one problem, if your certificates have the same issuer >and subject >names then you'll end up with what looks like a self-signed >certificate. Try >giving the server certifica

Re: Verifying self-signed certificate

2010-11-30 Thread aerowolf
On Mon, Nov 29, 2010 at 3:36 PM, Dr. Stephen Henson wrote: If there were any extensions in the server certificate that wouldn't happen but the command you create the server certificate with doesn't include any and ends up creating the deprecated V1 certificate format. Should this behavior b

Re: Verifying self-signed certificate

2010-11-29 Thread Dr. Stephen Henson
r example, my server.crt's issuer line is: > Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd > and my ca.crt's subject line is: > Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd > Well that's one problem, if your certificates have the same issuer and

Re: Verifying self-signed certificate

2010-11-29 Thread iruvopenssl
On Mon, 29 Nov 2010 20:05:43 +0200 "Dr. Stephen Henson" wrote: >On Mon, Nov 29, 2010, iruvopen...@hushmail.com wrote: > >> Greetings, >> >> I guess this question must have been asked quite a lot over >here, >> but I couldn't find any traces of it >> so I guess I'll repeat it. >> >> I can't se

Re: Verifying self-signed certificate

2010-11-29 Thread Dr. Stephen Henson
On Mon, Nov 29, 2010, iruvopen...@hushmail.com wrote: > Greetings, > > I guess this question must have been asked quite a lot over here, > but I couldn't find any traces of it > so I guess I'll repeat it. > > I can't seem to be able to verify (using 'openssl verify') - > without openssl spitti

Verifying self-signed certificate

2010-11-29 Thread iruvopenssl
T - a server certificate that was signed with a custom-made CA even though I pass the CA certificate using the -CAfile switch. I've tried -purpose and also using -CApath instead of -CAfile but to no avail. Is this a feature, a bug or am I just doing it wrong? Shouldn't a self-signed c

Verifying self-signed certificate

2010-11-29 Thread iruvopenssl
T - a server certificate that was signed with a custom-made CA even though I pass the CA certificate using the -CAfile switch. I've tried -purpose and also using -CApath instead of -CAfile but to no avail. Is this a feature, a bug or am I just doing it wrong? Shouldn't a self-signed c

creation of self-signed certificate fail

2010-08-03 Thread klerfe [Bodegas]
Hi, this is how i've been creating self signed certificates in the past for TLS in smtpd: openssl req -days 3650 -nodes -new -x509 -keyout /etc/ssl/private/ca.key \ -out /etc/ssl/ca.crt openssl req -days 3650 -nodes -new -keyout /etc/postfix/ssl/private/server.key \ -out /etc/postfix/ssl/p

Problem with self-signed certificate on HP JetDirect Card...

2010-05-01 Thread Andy Barnett
Hi Folks, This is my first "post" and I'm still "wet behind the ears" with this whole certificate thing so please be gentle with me... I'm trying to fix a security compliance issue on some of our networked printers in the office, the problem seems to be due to the CN settings in the default JetDi

verify error:num=18:self signed certificate--how to make a self singed ,dynamicly generate certificate to be trusted

2010-04-13 Thread sara bai
.c:1053:SSL alert number 40 4204:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530: " and then i use tls1 method the error is like this : " ...TLS 1.0 Handshake [length 0010], Finished... ... verify error:num=18:self signed certificate "

Self-signed certificate chain for website

2009-07-30 Thread Serge Fonville
Hi, I'm kinda new to OpenSSL so please be gentle. I am currently in the process of setting up a certificate chain for an intranet I want something like Thawte has Fonville IT Root CA Fonville IT CA www.sergefonville.nl I have searched far and wide, but could not find a d

RE: Trouble generating a self signed certificate

2009-06-04 Thread Will Bickford
- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of andrew.luke Sent: Thursday, June 04, 2009 8:11 AM To: openssl-users@openssl.org Subject: Trouble generating a self signed certificate I've been trying to generate a self signed certificate to ge

RE: Trouble generating a self signed certificate

2009-06-04 Thread Dave Thompson
> From: owner-openssl-us...@openssl.org On Behalf Of andrew.luke > Sent: Thursday, 04 June, 2009 09:11 > I've been trying to generate a self signed certificate to get > SSL working on a very simple internal web server. I'm using > a windows server 2003 box so I

Trouble generating a self signed certificate

2009-06-04 Thread andrew.luke
I've been trying to generate a self signed certificate to get SSL working on a very simple internal web server. I'm using a windows server 2003 box so I got the open SSL windows binaries from http://www.slproweb.com/products/Win32OpenSSL.html. Using a HOWTO I found here http://www.sit

RE: revoking a self-signed certificate

2009-01-28 Thread David Schwartz
Olaf Gellert: > I would not say so. If I found a CRL which contains the > self signed root certificate I would stop to trust it > immediately. Why? What do you think that CRL means? Specifically, do you think it means the public key was compromised? Do you think it means the issuer of the origin

Re: revoking a self-signed certificate

2009-01-28 Thread Olaf Gellert
Hi all, David Schwartz wrote: >> Can you please elaborate on how would the higher-layer security >> infrastructure go about this? > > Simply put, whatever put the certificate in its trusted position is what is > to remove it. If a CA says to trust a certificate, that CA can say not to. > But if t

Re: revoking a self-signed certificate

2009-01-27 Thread Kyle Hamilton
There is currently no automated protocol for doing this. There is currently an effort at PKIX for a "Trust Anchor Management Protocol", though, which would allow for tools to be made cross-platform. Also, self-signed CAs are basically never checked for expiration. (The 'trust anchor' is technical

RE: revoking a self-signed certificate

2009-01-26 Thread David Schwartz
by spreading awareness by an out-of-band means but not eliminated > until ofcourse, the self-signed CA certificate expires. It's not impossible. Just use the same technique that installed the self-signed certificate to uninstall it. If you could get it trusted somehow, why can't you get i

Re: revoking a self-signed certificate

2009-01-26 Thread PS
Also, does openssl allow a CA to revoked its own self-signed certificate? What happens when during the openssl verify, it finds that the CRL given by CA contains the CA-certificate in the revoked list? On Mon, Jan 26, 2009 at 9:28 PM, PS wrote: > Can you please elaborate on how would the hig

Re: revoking a self-signed certificate

2009-01-26 Thread PS
Can you please elaborate on how would the higher-layer security infrastructure go about this? To me, it just seems impossible to do this and the issue might only be mitigated by spreading awareness by an out-of-band means but not eliminated until ofcourse, the self-signed CA certificate expires. O

Re: revoking a self-signed certificate

2009-01-26 Thread Kyle Hamilton
A self-signed CA certificate (technically, a "trust anchor") cannot be revoked via CRL. This is assumed to be a function of the higher-layer security infrastructure which led to the trust anchor being trusted in the first place, and is outside the scope of CRL. -Kyle H On Mon, Jan 26, 2009 at 9:

revoking a self-signed certificate

2009-01-26 Thread PS
Hi All, Is it possible to revoke a self-signed CA certificate? If yes, then I dont understand why it should be allowed. It does not make sense. The only reason a root CA would want to revoke its own certificate is if its private-key might have been compromised. So, the CA would want to revoke its

Re: Problem related to self signed certificate peer verification

2008-10-21 Thread Tim Hudson
[EMAIL PROTECTED] wrote: Sir, How do I check to see what version of Open SSL that I have on my system? I am trying to answer the attached vulnerability. If you have the executable for the superapp then use: openssl version -a If you don't then you can strings path-to-library | grep '

Problem related to self signed certificate peer verification

2008-10-21 Thread Ajeet kumar.S
Dear All, I have self signed root certificate. I want to verify the peer certificate. In API static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer). I saw function calling X509_check_issued(issuer, x); where they are matching issuer and subject. But I saw server is sending the T

Re: how trust self signed certificate

2008-09-09 Thread Sergio
matteo mattau wrote: Dears, I'm in trouble with self signed certificate, when I try to verify via ocsp a certificate whose issuer is self signed. The error I receive is always openssl ocsp -issuer /usr/local/ssl/cert/issuerPEM.crt -cert ./certificatePEM.cer -url http://ocsp.foo.com -C

how trust self signed certificate

2008-09-09 Thread matteo mattau
Dears, I'm in trouble with self signed certificate, when I try to verify via ocsp a certificate whose issuer is self signed. The error I receive is always openssl ocsp -issuer /usr/local/ssl/cert/issuerPEM.crt -cert ./certificatePEM.cer -url http://ocsp.foo.com -CApath /usr/loca

Self-signed certificate created by SelfSSL.exe (IIS Resource Kit)

2008-05-06 Thread Иосиф Виссарионович
I used SelfSSL.exe utility to create self-signed certificate and installed it into IIS on my website. My OpenSSL client fails when I try to connect to my website. I've got this error: SSL_connect() failed: error:0001:lib(0):func(0):reason(1) error:1409008

Re: ECC Self-Signed Certificate

2008-03-11 Thread Larry Bugbee
I have noticed this as well. I believe it operates correctly in the 0.9.9 snapshot. Indeed, the change log indicates a fix. Thanks. At the moment I'm unable to get a good build with the 3/10 SNAP. ...a problem linking .dylib. ___

RE: ECC Self-Signed Certificate

2008-02-14 Thread Bill Colvin
I have noticed this as well. I believe it operates correctly in the 0.9.9 snapshot. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Larry Bugbee Sent: February 13, 2008 8:41 PM To: openssl-users@openssl.org Subject: Re: ECC Self-Signed Certificate

Re: ECC Self-Signed Certificate

2008-02-13 Thread Larry Bugbee
re is valid, it will show up like that. Thanks, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Patrick Patterson Sent: Wednesday, February 13, 2008 10:07 AM To: openssl-users@openssl.org Subject: Re: ECC Self-Signed Certificate On Wednesday 13 Feb

RE: ECC Self-Signed Certificate

2008-02-13 Thread Nabil Ghadiali
[EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni > Sent: Wednesday, February 13, 2008 8:00 AM > To: openssl-users@openssl.org > Subject: Re: ECC Self-Signed Certificate > > On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote: > > Can someon

RE: ECC Self-Signed Certificate

2008-02-13 Thread Bill Colvin
Bill From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nabil Ghadiali Sent: February 13, 2008 12:40 AM To: openssl-users@openssl.org Subject: ECC Self-Signed Certificate Can someone help me with the command to generate a self-signed certifi

Re: ECC Self-Signed Certificate

2008-02-13 Thread Patrick Patterson
] > [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni > Sent: Wednesday, February 13, 2008 8:00 AM > To: openssl-users@openssl.org > Subject: Re: ECC Self-Signed Certificate > > On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote: > > Can someone help me with the

RE: ECC Self-Signed Certificate

2008-02-13 Thread Nabil Ghadiali
ted or may have been altered" Thanks, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Victor Duchovni Sent: Wednesday, February 13, 2008 8:00 AM To: openssl-users@openssl.org Subject: Re: ECC Self-Signed Certificate On Wed, Feb 13, 2008 at 12:

Re: ECC Self-Signed Certificate

2008-02-13 Thread Victor Duchovni
On Wed, Feb 13, 2008 at 12:40:18AM -0500, Nabil Ghadiali wrote: > Can someone help me with the command to generate a self-signed certificate > using openssl? > > > > I have used the following steps and when I get a certificate and open up it > says "the signature

ECC Self-Signed Certificate

2008-02-12 Thread Nabil Ghadiali
Can someone help me with the command to generate a self-signed certificate using openssl? I have used the following steps and when I get a certificate and open up it says "the signature is invalid". Am I missing something? I have created an ECC key pair using the following

certificate chain verification up to self-signed certificate - why?

2007-09-13 Thread Steffen DETTMER
Hi, certificate chain verification is always done until a self-signed CA certificate (root CA certificate), even if intermediate sub-CA certificates are locally known (which equals trusted) - but why? Is there some cryptographic requirement for this? (I understood that a root-CA certificate mus

Problem with Self-Signed certificate and wpa_supplicant

2007-08-14 Thread jinlu8591
on -d") * put the self signed certificate ( cacert.pem) in $OPENSSLDIR/certs * create the hash-based symlink using some script * then I do "openssl verify cacert.pem", and got ok despite the above, I till get TLS: Certificate verification failed, error 18 (self signed certificate

RE: Self Signed Certificate: certificate chain verification failure

2007-07-03 Thread Goetz Babin-Ebell
Hello, --On Juli 03, 2007 13:31:27 +0530 Vishal V <[EMAIL PROTECTED]> wrote: Many thanks for the information. But my query is partially answered. Here it goes A) Doesn't client need server's self-signed certificate to validate the transmitted certificate? - Is Question A is

RE: Self Signed Certificate: certificate chain verification failure

2007-07-03 Thread Vishal V
Many thanks for the information. But my query is partially answered. Here it goes A) Doesn't client need server's self-signed certificate to validate the transmitted certificate? - Is Question A is true then how to obtain this certificate. - Also how to configure this certificate

RE: Self Signed Certificate: certificate chain verification failure

2007-07-02 Thread Lindsay Hausner
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Vishal V Sent: Monday, July 02, 2007 5:17 AM To: openssl-users@openssl.org Subject: Self Signed Certificate: certificate chain verification failure Importance: High Resending my mail with corrected

Self Signed Certificate: certificate chain verification failure

2007-07-02 Thread Vishal V
Resending my mail with corrected information Dear All, My client program fails to establish the secure connection (https) with web server due to certificate chain verification failure. And I think the error is due to a self signed certificate

Self Signed Certificate: certificate chain verification failure

2007-07-02 Thread Vishal V
Dear All, My client problem fails to establish the secure connection (https) with web server due to certificate chain verification failure. And I think the error is due to a self signed certificate
