Re: [PLUG] Fwd: Openssl config question

brent timothy saner on 24 Oct 2013 22:35:43 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Fwd: Openssl config question

From: brent timothy saner <brent.saner@gmail.com>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] Fwd: Openssl config question
Date: Fri, 25 Oct 2013 01:35:32 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:openpgp:content-type:content-transfer-encoding; bh=kAtaUQg5veYJZxxDJogFmcqCckk/nVWw0YZzZpvcwrM=; b=aQVPZ1CMrSWOIwIf5XKpzt0S0tu1gX1BH8KgeBqgr5921CcCO1akLtUmaYRFqjE7nY RXpOc5AtsByclfAY/DTCttJw1r+pFOlz3MqPLCR6YvUHWqnZqFCVLWPuAI1Hw+vC2vQE Tw0alEMhD8pHc/KqjN4AADHHkhN6O7KTLiqK7LHwICegxyacfKOz8glboniYaYZ40jBm lBpLILotqb5zVIO8+6erWZ03e6IfNK6INtyI4MBsqXt5h7bebz7alIIte6RqXmG+oue7 qtTQvXLhpzP5CYGCLss+XCFb8eoZ5r7WBR7fSbgrLMURRazaoqfcNWaVWCtJmgzivnoo 9XlA==
Openpgp: id=832D950A
Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
Sender: plug-bounces@lists.phillylinux.org
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/24/2013 09:53 PM, Michael Leone wrote:

> 1. How can I list the properties of my cert? 2. What other
> properties are there, and how do I tell openssl to include those
> other properties in the cert?
> 

1. openssl x509 -in -text /path/to/certificate.crt
this will give you...really, all the information you can get from the
certificate itself (so what RDS would see).
(see http://www.madboa.com/geek/openssl/ - hands down one of the best
openssl cheatsheets. i still use it regularly)

2. just some random suggestions:

- -have you tried tweaking the encoding/encryption algo/digest? i doubt
it'd matter, but worth a shot.

- -different bit lengths- perhaps RDS only supports 1024-bit, or only
4096-bit, etc.; not primarily a windows admin so i don't know off the
top of my head.

- -you can also try adding -nodes -sha1(or whatever) after the -x509
option. the -nodes option, besides being painfully and woefully not
documented well, tends to play tons more nicely with password-less
keys and key+crt files (plus some other stuff too). the -sha1
definitely should be supported by windows. i wouldn't stick with it
for production, but it'd let you know if the problem is arising from
trying to use an unsupported digest.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.21 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlJqAyQACgkQ8u2Zh4MtlQqokwCdHBg/3cohlrf2k4j99yShcxY3
g54AniPn8sU1fPHpXS0oc5RtTBQt+9NB
=vMpW
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

References:
- [PLUG] Openssl config question
  - From: Michael Leone <turgon@mike-leone.com>
- [PLUG] Fwd: Openssl config question
  - From: Michael Leone <turgon@mike-leone.com>

Prev by Date: Re: [PLUG] Linux Text to Speech
Next by Date: Re: [PLUG] Fwd: Openssl config question
Previous by thread: [PLUG] Fwd: Openssl config question
Next by thread: Re: [PLUG] Fwd: Openssl config question
Index(es):
- Date
- Thread