search for: x509_extensions

...o build the Ruby OpenSSL extension, after 1 minor tweak to x509.h to eliminate a macro conflict: --- x509.orig Thu Oct 02 11:30:10 2008 +++ x509.h Thu Oct 02 11:47:05 2008 @@ -116,6 +116,7 @@ /* Under Win32 these are defined in wincrypt.h */ #undef X509_NAME #undef X509_CERT_PAIR +#undef X509_EXTENSIONS #endif #define X509_FILETYPE_PEM 1 But, when I try to start Rails, for example, I get this: "The ordinal 284 could not be located in the dynamic link library SSLEAY32.DLL". Any idea on how to solve this? Regards, Dan This communication is the property of Qwest and may conta...

...g. I checked >>the server and really think that the certificates are in the right place. > >Here's how I managed that in my openssl.cnf file. Lots of bits >ellided for clarity's sake: > >### start ### >[ ca ] >default_ca = CA_default > >[ CA_default ] >x509_extensions = server_cert > >[ server_cert ] >basicConstraints=CA:FALSE >keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment >extendedKeyUsage = serverAuth, clientAuth >nsCertType = server, client >### end ### > >I think the nsCertType directive may be unne...

> > >Folks > >I would like to have my windows 7 laptop communicate with my home >server via a VPN, in such a way that it appears to be "inside" my >home network. It should not only let me appear to be at home for >any external query, but also let me access my computers inside my home. > >I already have this working using M$'s PPTP using my home

...cate, not the CA's, unless I'm wrong. I checked the server and really > think that the certificates are in the right place. Here's how I managed that in my openssl.cnf file. Lots of bits ellided for clarity's sake: ### start ### [ ca ] default_ca = CA_default [ CA_default ] x509_extensions = server_cert [ server_cert ] basicConstraints=CA:FALSE keyUsage = nonRepudiation, dataEncipherment, digitalSignature, keyEncipherment extendedKeyUsage = serverAuth, clientAuth nsCertType = server, client ### end ### I think the nsCertType directive may be unnecessary these days, but I keep it a...

...ficates >> > are in the right place. >> >> Here's how I managed that in my openssl.cnf file. Lots of bits ellided for >> clarity's sake: >> >> ### start ### >> [ ca ] >> default_ca = CA_default >> >> [ CA_default ] >> x509_extensions = server_cert >> >> [ server_cert ] >> basicConstraints=CA:FALSE >> keyUsage = nonRepudiation, dataEncipherment, digitalSignature, >> keyEncipherment >> extendedKeyUsage = serverAuth, clientAuth >> nsCertType = server, client >> ### end ### >>...

After building and install dovecot I then made my own self signed SSL certs and placed them carefully into the correct places : Thus : # grep -v "^#" dovecot-openssl.cnf | grep -v "^$" [ req ] default_bits = 1024 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] C=CA ST=Ontario L=Toronto O=Blastwave OU=IMAP server CN=titan.blastwave.org emailAddress=postmaster at blastwave.org [ cert_type ] nsCertType = server # /opt/csw/bin/openssl req -new -x509 -nodes -config ./dovecot-openssl.cnf -out /etc/opt/csw/dovecot/certs/dovec...