search for: subjectkeyidentifier

Displaying 7 results from an estimated 7 matches for "subjectkeyidentifier".

2010 Oct 05
1
Broken support for Smart Card Logon in Windows 2003 and XP
...least one difference, which could be a cause of the issue: Samba (in fact, Heimdal) generates a PA-PK-AS-REP which violates RFC 3852 (Cryptographic Message Syntax). RFC 3852 says: If the RecipientIdentifier is the CHOICE issuerAndSerialNumber, then the version MUST be 0. If the RecipientIdentifier is subjectKeyIdentifier, then the version MUST be 2. But Heimdal uses subjectKeyIdentifier in the response and version number 0. MS uses issuerAndSerialNumber. I tried to force Heimdal to use issuerAndSerialNumber in the response (simply by commenting if statement in hx509_cms_create_signed function and make sigctx.cmsidflag alwa...
2006 Jun 13
1
SSL fingerprint mismatch and issuer certificate problem
I have a remote server running centos 4.3 and a home desktop running suse 10.1. I have generated an SSL certificate on the server, copied it on the desktop and run on the desktop: >openssl x509 -in mynewcertCert.pem -fingerprint -subject -issuer -serial -hash -noout >c_rehash . getting this warning: > > Doing . > WARNING: mynewcertPrivateKey.pem does not contain a certificate or
2016 Apr 19
2
VPN suggestions centos 6, 7
...esn't hurt anything. > >The important bit is the extendedKeyUsage line; I'm pretty sure that >an OpenVPN server needs the serverAuth extension. For instance, here >is the X509 extensions configuration for a server used by EasyRSA: > > basicConstraints = CA:FALSE > subjectKeyIdentifier = hash > authorityKeyIdentifier = keyid,issuer:always > extendedKeyUsage = serverAuth,clientAuth > keyUsage = digitalSignature,keyEncipherment > >You can ask openssl to tell you the purpose of a certificate: > >[bash]$ openssl x509 -noout -purpose -in cert.pem | grep SSL...
2016 Apr 18
2
VPN suggestions centos 6, 7
> > >Folks > >I would like to have my windows 7 laptop communicate with my home >server via a VPN, in such a way that it appears to be "inside" my >home network. It should not only let me appear to be at home for >any external query, but also let me access my computers inside my home. > >I already have this working using M$'s PPTP using my home
2016 Apr 18
0
VPN suggestions centos 6, 7
...keep it around because it doesn't hurt anything. The important bit is the extendedKeyUsage line; I'm pretty sure that an OpenVPN server needs the serverAuth extension. For instance, here is the X509 extensions configuration for a server used by EasyRSA: basicConstraints = CA:FALSE subjectKeyIdentifier = hash authorityKeyIdentifier = keyid,issuer:always extendedKeyUsage = serverAuth,clientAuth keyUsage = digitalSignature,keyEncipherment You can ask openssl to tell you the purpose of a certificate: [bash]$ openssl x509 -noout -purpose -in cert.pem | grep SSL SSL client : Yes SSL client...
2016 Apr 19
0
VPN suggestions centos 6, 7
...>> The important bit is the extendedKeyUsage line; I'm pretty sure that an >> OpenVPN server needs the serverAuth extension. For instance, here is the >> X509 extensions configuration for a server used by EasyRSA: >> >> basicConstraints = CA:FALSE >> subjectKeyIdentifier = hash >> authorityKeyIdentifier = keyid,issuer:always >> extendedKeyUsage = serverAuth,clientAuth >> keyUsage = digitalSignature,keyEncipherment >> >> You can ask openssl to tell you the purpose of a certificate: >> >> [bash]$ openssl x509 -noou...
2006 Jul 07
2
Authentication by certificates (a bug or my misconfiguration)
...ith plain and login mechanisms allowed. I tested "few" sets of certificates (for ca, server and user) with configurations ranging from quite specific ones (with basicConstraints, nsCertType, keyUsage, extendedKeyUsage fields set) to very simple ones (basicConstraints + typical stuff like subjectKeyIdentifier). All of them gave the same results with dovecot (postfix didn't complain with any of them either). This is what I get in logs, when trying to pull mail using opera or mozilla: Jul 7 14:33:47 ppgk-wa dovecot: Dovecot v1.0.rc2 starting up Jul 7 14:33:57 ppgk-wa dovecot: pop3-login: Invalid c...