Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSL Certificate Stores
Special Forums Cybersecurity SSL Certificate Stores Post 302901204 by Lost in Cyberia on Monday 12th of May 2014 06:04:25 PM
Old 05-12-2014
Great explanation, thanks! Also from how I had it explained to me... when a new CA emerges, they sort of 'earn their spurs' by having other CA's sign their certs.

Is openssl and NSS the main to preferred methods to open an SSL connection?

Lastly, I know revocation checking is done with either a CRL check or the OCSP protocol, are these built into openssl or nss?
 

9 More Discussions You Might Find Interesting

1. Web Development

SSL Certificate Installation problem

Hello everybody Hope somebody can help me I'm trying to install SSL Certificate on Apache/mod_ssl on Linux with Zend for Oracle. I bought and downloaded certificate from certificate from Network Solutions. Than I followed the instructions to the dot. I created a directory for certificate... (2 Replies)
Discussion started by: Trusevich
2 Replies

2. Web Development

SSL certificate

Dear All Anyone know how to issue two different certification on apache virtualhost fyi i have one virtualhost eg 69.192.1.25:443 already signed with verisign how can i configure another virtualhost 69.192.1.25:443 which signing with another certificate which self signing. i search net not... (1 Reply)
Discussion started by: netxus
1 Replies

3. AIX

Installing SSL certificate on AIX

Hello, I am new in UNIX, and some one asks me to install SSL certificates to allow exchange with an external system. Can someone tell how to install certificate (ex : verisignxxx.cer) on a UNIX server? Many thanks. Tibo (4 Replies)
Discussion started by: tibo51
4 Replies

4. Cybersecurity

SSL certificate

Hi guys. I have some questions about ssl certificates. I looked at SSL providers and saw that they are providing 2 types of certificates: per server or per domain. my server host name is: srv1.example.com I have a smtp, imap, web server on this box. but all services accessed by different... (1 Reply)
Discussion started by: majid.merkava
1 Replies

5. Web Development

export SSL certificate

we are doing TCP for our systems. I have a working SSL certificate on prodction webserver. Im planning to export it to our DR server for TCP purposes. However when I export based on the procedure below, it doesn't work. When I restart the DR webserver, it still says the certifcate is expired.Any... (1 Reply)
Discussion started by: lhareigh890
1 Replies

6. Red Hat

SSL Certificate Renewal on Tomcat

Hi, I want to renew the ssl certificate for one of my application on tomcat without down time. I want to know what would the possible impacts for the users who currently have sessions to the app. Regards, Arumon (1 Reply)
Discussion started by: arumon
1 Replies

7. Web Development

WebLogic SSL enabling ignoring CA certificate

Hi, I was trying to enable SSL cert on WebLogic 10.3 (CentOS), I don't have a third party Certificate Authority(C.A) to get the .csr file certified. Is there an alternate way that replaces the step sending .csr file to CA ? Thanks SZS (1 Reply)
Discussion started by: szs
1 Replies

8. Red Hat

SSL certificate generation error 8016

Hi guys, I'm trying to generate a key using the genkey command in centos 6.4 and RHEL6.4, Every thing seems to go cool but I get this error message bad certificate request error -8016 and no key/cert is generated. I don't want use the many openssl(s) commands instead since genkey is a shourtcut... (4 Replies)
Discussion started by: leo_ultra_leo
4 Replies

9. Web Development

CronJobs issues after SSL certificate

Hello! I had a cron job running on my website, activating a php script every friday. The Php script just activated another photo to add in the gallery. It worked fine until I got an SSL certificate for my website, then everything broke. This was the command before: lynx -source... (0 Replies)
Discussion started by: AGDesign
0 Replies

LEARN ABOUT FREEBSD

hx509_revoke_init

hx509 revokation checking functions(3)				Heimdalx509library			    hx509 revokation checking functions(3)

NAME

       hx509 revokation checking functions -

   Functions
       int hx509_revoke_init (hx509_context context, hx509_revoke_ctx *ctx)
       void hx509_revoke_free (hx509_revoke_ctx *ctx)
       int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char *path)
       int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char *path)
       int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert
	   parent_cert)
       int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier
	   *digest, heim_octet_string *request, heim_octet_string *nonce)
       int hx509_revoke_ocsp_print (hx509_context context, const char *path, FILE *out)

Detailed Description
       See the Revocation methods for description and examples.

Function Documentation
   int hx509_ocsp_request (hx509_context context, hx509_certs reqcerts, hx509_certs pool, hx509_cert signer, const AlgorithmIdentifier * digest,
       heim_octet_string * request, heim_octet_string * nonce)
       Create an OCSP request for a set of certificates.

       Parameters:
	   context a hx509 context
	   reqcerts list of certificates to request ocsp data for
	   pool certificate pool to use when signing
	   signer certificate to use to sign the request
	   digest the signing algorithm in the request, if NULL use the default signature algorithm,
	   request the encoded request, free with free_heim_octet_string().
	   nonce nonce in the request, free with free_heim_octet_string().

       Returns:
	   An hx509 error code, see hx509_get_error_string().

   int hx509_revoke_add_crl (hx509_context context, hx509_revoke_ctx ctx, const char * path)
       Add a CRL file to the revokation context.

       Parameters:
	   context hx509 context
	   ctx hx509 revokation context
	   path path to file that is going to be added to the context.

       Returns:
	   An hx509 error code, see hx509_get_error_string().

   int hx509_revoke_add_ocsp (hx509_context context, hx509_revoke_ctx ctx, const char * path)
       Add a OCSP file to the revokation context.

       Parameters:
	   context hx509 context
	   ctx hx509 revokation context
	   path path to file that is going to be added to the context.

       Returns:
	   An hx509 error code, see hx509_get_error_string().

   void hx509_revoke_free (hx509_revoke_ctx * ctx)
       Free a hx509 revokation context.

       Parameters:
	   ctx context to be freed

   int hx509_revoke_init (hx509_context context, hx509_revoke_ctx * ctx)
       Allocate a revokation context. Free with hx509_revoke_free().

       Parameters:
	   context A hx509 context.
	   ctx returns a newly allocated revokation context.

       Returns:
	   An hx509 error code, see hx509_get_error_string().

   int hx509_revoke_ocsp_print (hx509_context context, const char * path, FILE * out)
       Print the OCSP reply stored in a file.

       Parameters:
	   context a hx509 context
	   path path to a file with a OCSP reply
	   out the out FILE descriptor to print the reply on

       Returns:
	   An hx509 error code, see hx509_get_error_string().

   int hx509_revoke_verify (hx509_context context, hx509_revoke_ctx ctx, hx509_certs certs, time_t now, hx509_cert cert, hx509_cert parent_cert)
       Check that a certificate is not expired according to a revokation context. Also need the parent certificte to the check OCSP parent
       identifier.

       Parameters:
	   context hx509 context
	   ctx hx509 revokation context
	   certs
	   now
	   cert
	   parent_cert

       Returns:
	   An hx509 error code, see hx509_get_error_string().

Version 1.5.2							    11 Jan 2012 			    hx509 revokation checking functions(3)
All times are GMT -4. The time now is 04:37 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy