Displaying 2 results from an estimated 2 matches for "x509keyalgorithm".
2012 Jan 15
0
X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL
...of X.509 certificates based on RSA keys from PKCS11module. Another
integration update is that now you could you use FIPS capable OpenSSL
library in FIPS mode.
As result of above mentioned features x509v3-sign-rsa public key
algorithm now prefer sha1 to md5. This mean that by default option
X509KeyAlgorithm is switched from
X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
to
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
X509KeyAlgorithm x509v3-sign-rsa,rsa-md5 (not available in FIPS mode)
Note client and server use the first listed in for X509KeyAlgorithm for...
2008 Feb 13
1
Openssh + x509 patch problem
...sh_host_key_cert
cat server.pem >> ssh_host_key_cert
chmod 0600 ssh_host_key_cert
../bin/ssh-keygen -y > ssh_host_key_cert.pub
// entering ssh_host_key_cert as key
- Changing /opt/ssh/etc/sshd_config:
CACertificateFile /opt/ssh/etc/ca/crt/cacert.pem
Port 4422
X509KeyAlgorithm x509v3-sign-rsa,rsa-md5
X509KeyAlgorithm x509v3-sign-rsa,rsa-sha1
AllowedCertPurpose sslclient
PasswordAuthentication no
- Customizing server user configuration
cat /opt/ssh/etc/ssh_host_key_cert.pub > .ssh/authorized_keys
- Now __On client machine__ (after copying, client.p...