search for: extendedkeyusage

...ld hope, but >>comparing several of them, applying common sense, and trying things >>out, I arrived at a dead-end. Here's essentially what happened: >> >>- None of the HOW-TOs were very clear about the need to add some >>attributes to a certificate, keyUsage and extendedKeyUsage. They >>had different values for server and client. OpenSSL documentation >>was a big vague on how to add them, but I think I did - the print >>out of the entity certificates showed the values. The attempt to >>connect failed. The client log is below. I think it'...

...-TO guides were less helpful than I could hope, but comparing several of them, applying common sense, and trying things out, I arrived at a dead-end. Here's essentially what happened: - None of the HOW-TOs were very clear about the need to add some attributes to a certificate, keyUsage and extendedKeyUsage. They had different values for server and client. OpenSSL documentation was a big vague on how to add them, but I think I did - the print out of the entity certificates showed the values. The attempt to connect failed. The client log is below. I think it's complaining that the CA cert...

...lpful than I could hope, but > comparing several of them, applying common sense, and trying things > out, I arrived at a dead-end. Here's essentially what happened: > > - None of the HOW-TOs were very clear about the need to add some attributes > to a certificate, keyUsage and extendedKeyUsage. They had different values > for server and client. OpenSSL documentation was a big vague on how to add > them, but I think I did - the print out of the entity certificates showed the > values. The attempt to connect failed. The client log is below. I think > it's complaini...

...of >> > them, applying common sense, and trying things out, I arrived at a >> > dead-end. Here's essentially what happened: >> > >> > - None of the HOW-TOs were very clear about the need to add some >> > attributes to a certificate, keyUsage and extendedKeyUsage. They had >> > different values for server and client. OpenSSL documentation was a big >> > vague on how to add them, but I think I did - the print out of the entity >> > certificates showed the values. The attempt to connect failed. The >> > client log i...

...S handshaking: SSL_accept() syscall failed: Connection reset by peer" errors *if the certificate granted is not granted for client use*. For servers, I normally generate SSL certificates specifically for servers: [ server_ca_extensions ] basicConstraints = CA:false keyUsage = keyEncipherment extendedKeyUsage = 1.3.6.1.5.5.7.3.1 If you just do that, then the SSL certificate doesn't work in dovecot (it will work fine in Apache, or Postfix etc etc). You also need the certificate to be valide for client side work: [ client_and_server_ca_extensions ] basicConstraints = CA:false keyUsage = digitalSigna...

Hi, I followed the TLS/SRTP tutorial on the wiki [0] using Asterisk 11.8.1 on CentOS 6.5 x86_64 and CSipSimple on a Nexus with Android 4.4.x local wifi. The phone seems to register but directly after that things fall apart (turning SELinux off made no difference): *CLI> -- Registered SIP 'encrypted' at 10.0.0.137:58079 > Saved useragent

.../Secure+Calling+Tutorial", but no luck. I googled around the issue and found solution mentioned by Patrick ( https://www.mail-archive.com/asterisk-users at lists.digium.com/msg274038.html) Did anyone has tried this solution and found it is working? I tried to create certificates with keyUsage/extendedKeyUsage, but it is not working. I have one more query - When the SIP user agents are able to register successfully with TLS, why more handshake is required while making a call? Can't Asterisk use existing TLS connection with Leg B to forward INVITE request? Could anyone please educate me on the same?...

...ername) The rest is just pretty standard, using passwd for both user auth and userdb, with plain and login mechanisms allowed. I tested "few" sets of certificates (for ca, server and user) with configurations ranging from quite specific ones (with basicConstraints, nsCertType, keyUsage, extendedKeyUsage fields set) to very simple ones (basicConstraints + typical stuff like subjectKeyIdentifier). All of them gave the same results with dovecot (postfix didn't complain with any of them either). This is what I get in logs, when trying to pull mail using opera or mozilla: Jul 7 14:33:47 ppgk-wa...

Folks I would like to have my windows 7 laptop communicate with my home server via a VPN, in such a way that it appears to be "inside" my home network. It should not only let me appear to be at home for any external query, but also let me access my computers inside my home. I already have this working using M$'s PPTP using my home Centos 6 gateway/router as the PoPToP server.