- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - OpenVMS
- >
- SSl matters
-
-
Categories
- Topics
- Hybrid IT with Cloud
- Mobile & IoT
- IT for Data & Analytics
- Transformation
- Strategy and Technology
- Products
- Cloud
- Integrated Systems
- Networking
- Servers and Operating Systems
- Services
- Storage
- Company
- Events
- Partner Solutions and Certifications
- Welcome
- Welcome
- Announcements
- Tips and Tricks
- Feedback
-
Blogs
- Alliances
- Around the Storage Block
- Behind the scenes @ Labs
- Converged Data Center Infrastructure
- Digital Transformation
- Grounded in the Cloud
- HPE Careers
- HPE Storage Tech Insiders
- Infrastructure Insights
- Inspiring Progress
- Internet of Things (IoT)
- My Learning Certification
- Networking
- OEM Solutions
- Servers: The Right Compute
- Telecom IQ
- Transforming IT
-
Quick Links
- Community
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Contact
- Email us
- Tell us what you think
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Enterprise.nxt
- Marketplace
- Aruba Airheads Community
-
Categories
-
Forums
-
Blogs
-
InformationEnglish
SSl matters
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-25-2004 03:17 AM
01-25-2004 03:17 AM
SSl matters
SSl matters
However, it seems impossible to create a self-signed certificate. The key-file is created but no certificate file. No error message - until you ask to view the certificate: it simply doesn;t exist. Nowhere within the SSL-strcutures!
Creating a CA server doesn't succeed either. No certificates created!
Creating a certificate request fails to get past country name. Whatever I enter, it always gives me "invalid input". So I cannot get any further.
The documentation doesn't state anything either, or I've read over it.
Any hint of where I got wrong is appreciated...
Willem
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-25-2004 03:52 AM
01-25-2004 03:52 AM
Re: SSl matters
Re: SSl matters
removed product SSL
removed directory (was installed on VMS$COMMON:SSL, so i removed this SSL.DIR and all below)
removed SYS$STARTUP:SSL$*.COM (startup and shutdown)
installed SSL again, to VMS$COMMON:[SSL] - the default location.
Creation of self-signed certificate Ok
Creation of CA certificate Ok
Creation of certificate request failes on country. Whatever i do, it tells me "Invalid input".
(I want to create my own CA on my webserver so I can control who gets access. These need a certificate as well. the manuals don't tell me how to achieve this...So I just have to try :-( )
Willem
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-25-2004 04:13 AM
01-25-2004 04:13 AM
Re: SSl matters
Re: SSl matters
can you please report the exact commands you use and errors you receive (Obviously after obscuring any confidential information). I do have SSL up (for my OSU webserver) and would like to try and reproduce your problem.
Greetings, Martin
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-25-2004 06:49 PM
01-25-2004 06:49 PM
Re: SSl matters
Re: SSl matters
I used SSL$CERT_TOOL.COM - and by that, the different underlaying procedures, as supplied with the kit. I would expect them to work. I haven't tried the plain openssl executable - yet.
I also think the documentation is not very clear: how do I create my machine to be a certificate server? My assumption was the CA certificate, but now I doubt that's true....
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-26-2004 04:09 AM
01-26-2004 04:09 AM
Re: SSl matters
Re: SSl matters
well this "tool" is not part of OpenSSL. Since it is made and supported by hp it might be a good idea to pick up the phone and bug them about it. Else you could try to find out what they do in the DCL. Once you got the command they try to execute I will be more than happy to test against a real OpenSSL installation.
Greetings, Martin
P.S. I really try to avoid my "hp has no clue about open source SW" soapbox here :-(
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-26-2004 07:47 AM
01-26-2004 07:47 AM
Re: SSl matters
Re: SSl matters
Since it is made and supported by hp it might be a good idea to pick up the phone and bug them about it.
Small user, no support contract (because far above budget) so they won't help.
GKW
I'll dig into the procedures then. No alternative, alas...
(I don't like soapbox here either)
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-26-2004 08:55 AM
01-26-2004 08:55 AM
Re: SSl matters
Re: SSl matters
PROBLEM SOLVED
********************************
Problem is in SSL$RQST_CERT.COM where size of input is compared with data kept in configuration file. THIS FILE IS WRONG.
As far as I could find, in any configuration file, _countryname_upd is either "Y" of "N".
Where countryname_max is set this should be set to 2.
I changed that - and the problem was solved:
$ sea ssl$conf:ssl$cert.cnf;* _max
******************************
SSL$ROOT:[DEMOCA.CONF]SSL$CERT.CNF;2
countryName_max = 2
commonName_max = 64
emailAddress_max = 40
******************************
SSL$ROOT:[DEMOCA.CONF]SSL$CERT.CNF;1
countryName_max = '_countryName_upd'
commonName_max = 64
emailAddress_max = 40
$ sea ssl$conf:ssl$cert.cnf;* _upd
******************************
SSL$ROOT:[DEMOCA.CONF]SSL$CERT.CNF;1
countryName_max = '_countryName_upd'
$
With this change, I was able to create and sign a request. Well, now look how I can get it implemented and what's needed on the browser side.
OpenVMS Developer & System Manager
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
01-26-2004 02:02 PM
01-26-2004 02:02 PM
Re: SSl matters
Re: SSl matters
if you feel generous, please send mail to
OpenVMSSecurity@hp.com detailing your problem and the bug you have fixed. Maybe it will make it into the next hp SSL version.
Greetings, Martin
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2018 Hewlett Packard Enterprise Development LP