Any openssl experts out there ??

**dragon1952** · 07-13-2004 06:47 PM

This is a long shot , I know, but I have a PKI certificate with a sha1RSA signature algorithm that I need to convert to md5RSA. I don't know **** about openssl but I think it may be the 'x509' command. I need the exact syntax if possible.
On the fat chance anyone can help, thanks in advance! :D

**dlew308** · 07-13-2004 07:51 PM

google is your friend
http://www.mkssoftware.com/docs/man1/openssl_x509.1.asp

good luck

**F1nut** · 07-14-2004 01:34 AM

In English, please! ;)

**dragon1952** · 07-14-2004 02:04 AM

F1......I feel your pain. Unfortunately that was English :(

Thanks for the attempt dlew308, but I Google pretty well

Unfortunately I spent most of the afternoon at that same site and, although I think I came close, I was unsuccessful in deciphering the exact syntax required. They give examples of many other operations but only hint that you can perform the one I'm looking for and give you a thousand possible parameters to try and figure out. It's like a freakin' treasure hunt!

At this point I'm just looking for the easy way out by sponging off of someone else! :D

**dlew308** · 07-14-2004 02:28 AM

Let's see, you said PKI and are located in SoCal.
I hope this aint for a large healthcare company ;)

**dragon1952** · 07-14-2004 11:42 AM

Nope! This is the gov'ment ;)

**Strong Bad** · 07-14-2004 04:14 PM

PKI = Public Key Infrastructure. It's an encryption scheme, more or less, for transmitting data through a secured channel. All has to do with verifying who you are and who you're sending stuff to.

When you buy things off an internet site, they use PKI technology. Ever see a message come up from Versign? Yeppers, PKI at work there.

This is an area I have yet to dive head first into, but plan on in the coming year as it's become so prominent for our internet world.

Sorry I can't help with that DEEP DEEP question. :D

John

**dlew308** · 07-14-2004 05:19 PM

Yes we have PKI servers in at work.
They're locked up, console only access, private network. I don't know why we don't use them to generate ssl certs at work but that's not my group. Was real fun setting them up with Toilet & Douche as the auditors.

**dragon1952** · 07-14-2004 05:41 PM

Generally speaking, the ssl client and server certificates are generated from a third party (like Verisign or, as in the case of the government, a contracted certificate authority) and then web servers at your work are configured with the third party generated server certificate and enabled to accept client certificates from that same third party certificate authority, and even other trusted certificate authorities, at the discretion of management.

**dlew308** · 07-14-2004 05:44 PM

Sorry I was generalizing. I meant to generate ssl certs for internal usage. We have 1000s of web instances internally. We used to use pki to generate ssl certs. Now we get em from Comodo. The powers above didn't like Verisign's prices.

**dragon1952** · 07-14-2004 07:27 PM

Yeah...I see what you mean. We used to generate our own but then there was a mandate to use the goverment contractor. It's very simple and can definitely pay for itself. I used to use trial copies of certificate management software to generate certs that were good for a year. The next year I'd do the same thing.
:D
Now Windows 2000 and above has it pretty much built in.

Thread: Any openssl experts out there ??

Thread Tools

Any openssl experts out there ??

Thread Information

Users Browsing this Thread

Posting Permissions