similar to: X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL

Displaying 20 results from an estimated 2000 matches similar to: "X.509 certificate integration continue with PKCS11 and FIPS capable OpenSSL"

2006 Apr 27
0
Announce: X.509 certificates support in OpenSSH version 5.4
Hi All, The version 5.4 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.4 you can found diffs for OpenSSH versions 4.2p1 and 4.3p2. What's new: * given up support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" The implementation realised in previous
2008 Mar 13
0
[Fwd: Re: OpenSSH and X.509 Certificate Support]
Hi Roumen, I discovered that the need of appending the .pub part of id_rsa(client key+cert) on the server can be eliminated by adding the Certificate Blob to authorized_keys which could look something like this: x509v3-sign-rsa subject= /C=FR/ST=PARIS/L=DESEl/O=SSL/OU=VLSI/CN=10.244.82.83/emailAddress=client at company.com This is extracted from the client certificate using openssl as
2023 Mar 10
1
OpenSSH FIPS support
Hi Joel, Joel GUITTET wrote: > Hi, > We currently work on a project that require SSH server with FIPS and using OpenSSL v3. There is no way to work with OpenSSL v3 due to many reasons. If you like to get FIPS capable secsh implementation compatible with OpenSSL FIPS validated modules 1.2 and 2.0 , RedHat ES, or Oracle Solaris you could use PKIX-SSH. Regards, Roumen Petrov -- Advanced
2004 Apr 07
0
Announce: X.509 certificates support in OpenSSH(version h-Validator)
I'm pleased to announce that the version "h"(code-name Validator) of "X.509 certificates support in OpenSSH" is now available for immediate download at http://roumenpetrov.info/openssh. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o OCSP (optional and
2004 Aug 19
0
Announce: X.509 certificates support in OpenSSH-3.9p1
Hi All, Diffs of "X.509v3 certificates support for OpenSSH" versions g4(Compatibility) and h(Validator) for OpenSSH-3.9p1 are ready for download. Please visit "http://roumenpetrov.info/openssh" for more information. Features: * "x509v3-sign-rsa" and "x509v3-sign-dss" public key algorithms * certificate verification * certificate validation o CRL o
2006 Jan 22
0
Announce: X.509 certificates support in OpenSSH (version 5.3 from "Validator" series)
Hi All, The version 5.3 of "X.509 certificates support in OpenSSH" is published. This version adds preliminary support for "x509v3-sign-rsa-sha1" and "x509v3-sign-dss-sha1" key type names in conformance with "draft-ietf-secsh-x509-02.txt" and extends "x509v3-sign-dss key type with signatures in "ssh-dss" format. More details on page
2008 Feb 13
1
Openssh + x509 patch problem
Hi all, I'm trying to install ssh server based on x509 certificates with no result. What I've done is the following: - Build openssh4.7p1 after patching with openssh-4.7p1+x509-6.1.diff.gz without error using ./configure --prefix=/opt/ssh && make && make install in both server and client machines - Create minimal openssl ca structure under /opt/ssh/etc/ca ( self
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. I have few more questions below: 1. What version of OpenSSH can the patch be applied to? What branch should I check out the patch? 2. >Impact is not only for source code. Build process has to be updated as well. Red Hat is based on "fipscheck". What build process should be changed? What is fipscheck? 3. My understanding any application (such as OpenSSH) which need
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
Thanks Roumen. >Lets assume that application use OpenSSL FIPS validated module. FIPS mode is activated in openssl command if environment variable OPENSSL_FIPS is set. Similarly I use OPENSSL_FIPS environment variable to activate FIPS mode. Code will call FIPS_mode_set(1) if crypto module is not FIPS mode. Did you mean the FIPS patched OpenSSH server and client (such as ssh-keygen) always
2012 May 25
2
Announce: X.509 certificates support v7.2 for OpenSSH version 6.0p1
Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:
2003 Jan 30
0
X.509 certificates support in OpenSSH - version f is ready
Hi all, I have pleasure to announce new version f of "X.509 certificates support in OpenSSH" Please to update your bookmarks/favorites with new location: http://roumenpetrov.info/openssh Old location is available too: http://satva.skalasoft.com/~rumen/openssh What's new: * support "Certificate Revocation Lists" (CRLs) * ssh-keyscan can show hostkey with
2013 Jan 08
6
Why is localhost self-signed cert a CA cert?
I am building a mail server on Centos 6.3 and working with OpenSSL to create a self-signed certificate for mail use. Along the line of learning the 'best' options to use for OpenSSL and dealing with the default SSL virtual host for Apache, I discovered that the localhost cert created (I believe) during firstboot has the X509v3 extensions set as a CA cert (eg basicConstraint CA:TRUE).
2006 Sep 30
1
Announce: X.509 certificates support version 5.5.1 in OpenSSH 4.4p1
Hi All, The version 5.5.1 of "X.509 certificates support in OpenSSH" is ready for download. On download page http://roumenpetrov.info.localhost/openssh/download.html#get_-5.5.1 you can found diff for OpenSSH versions 4.4p1. What's new: * specific diff of 5.5 for OpenSSH 4.4p1 Because of OpenSSH source code changes, like include statements and new server option
2013 Sep 10
0
[Bug 1647] Implement FIPS 186-3 for DSA keys
<bugzilla-daemon at mindrot.org> writes: > https://bugzilla.mindrot.org/show_bug.cgi?id=1647 > > mackyle at gmail.com changed: > > What |Removed |Added > ---------------------------------------------------------------------------- > CC| |mackyle at gmail.com > > --- Comment #2 from
2005 Mar 10
0
X.509 certificates support for OpenSSH-4.0p1
I'm pleased to announce that X.509 certificates support for OpenSSH-4.0p1 is now available for download. Please visit http://roumenpetrov.info/openssh/ to get it. Best regards, Roumen Petrov
2005 Jun 13
0
Announce: X.509 certificates support in OpenSSH (version 5.2 from "Validator" series)
Hi All, The version 5.2 of "X.509 certificates support in OpenSSH" is ready for download. Available diffs are for OpenSSH versions 3.9p1, 4.0p1 and 4.1p1. What's new: * print CERT RR (resource record) * verify remote key using DNS and CERT RR * include not-pipeline patch * work with OpenSSL 0.9.8betaX Please visit "http://roumenpetrov.info/openssh/" for more information.
2008 Mar 10
1
Benefits of OpenSSH X.509 over key based authentication?
Hi, I have some observations regarding the X.509 patch developed by Roumen Petrov for OpenSSH available at http://roumenpetrov.info/openssh/ , I don't understand some things here like 1. When certificate based authentication of the client is desired, shouldn't it be something like what mod_ssl does in Apache where u have a CA certificate at the server, and then the client
2009 Feb 23
0
Announce: X.509 certificates support v6.2 for OpenSSH version 5.2p1
Hi All, Version 6.2 of "X.509 certificates support in OpenSSH" is ready for immediate download. Visit "http://roumenpetrov.info/openssh/" for details. Regards, Roumen Petrov
2011 Sep 08
2
Announce: X.509 certificates support v7.0 for OpenSSH version 5.9p1
Hi All, Version 7.0 of "X.509 certificates support in OpenSSH" is ready for immediate download. This version allow client to use certificates and keys stored into external devices. The implementation is based on openssl dynamic engines. For instance E_NSS engine ( http://developer.berlios.de/projects/enss ) will allow you to use certificates and keys from Firefox, SeaMonkey,
2013 Jan 05
0
X.509 certificate support version 7.4 is available for download
Dear All, Version 7.4 of X.509 certificates support for OpenSSH was published yesterday. New feature: - RSASHA1 algorithm for DNS CERT RR as described in RFC 4034 Deprecated option X509rsaSigType is finally removed. More detailed description is available on http://roumenpetrov.info/openssh/ Yours sincerely, Roumen Petrov