tl;dr Generate a certificate issued by own CA (see the script below) Here’s what I’ve found. Correct me where I’m wrong. There are CA’s (certificate authorities). They issue certificates (sign CSR’s) for other CA’s (intermediate CA’s), or servers (end entity certificates). Some of them are root authorities. They have self-signed certificates, issued by themselves. That … Read more
To cross compile openSHH for ARM (in my case a mini2440) I did following: Install arm cross compiler – (eg. what is arm-linux-gcc and how to install this in ubuntu) Download: Zlib OpenSSL OpenSSH Build Zlib: cd zlib-1.2.7 CC=arm-linux-gnueabi-gcc ./configure –prefix=$HOME/zlibArm make make install Build OpenSSL: export cross=arm-linux-gnueabi- cd openssl-1.0.1c ./Configure dist –prefix=$HOME/opensslArm make CC=”${cross}gcc” … Read more
On the official changelog page you provided, under Changes between 1.0.0h and 1.0.1 [14 Mar 2012] you can see Initial TLS v1.2 support. *) Add TLS v1.2 server support for client authentication. [Steve Henson] *) Add TLS v1.2 client side support for client authentication. Keep cache of handshake records longer as we don’t know the … Read more
This is a terrible answer (not very secure), but appears to be the current Microsoft official answer. Use “http.proxyStrictSSL”: false in your settings.json file. This should work to get around the issue of installing extensions inside a corporate network, but I’d recommend disabling the setting if you are going to be working from home/coffee shop … Read more
The openssl documentation says that file supplied as the -in argument must be in PEM format. Turns out that, contrary to the CA’s manual, the certificate returned by the CA which I stored in myCert.cer is not PEM format rather it is PKCS7. In order to create my .p12, I had to first convert the … Read more
Open the key file in Notepad++ and verify the encoding. If it says UTF-8-BOM then change it to UTF-8. Save the file and try again.
You are claiming your raw key is in OpenSSL’s DER format, which it isn’t. Also you are claming a private key is a public key, which it isn’t, and claiming it’s password-encrypted which is wrong either way: public keys are never encrypted and private keys in OpenSSL’s ‘traditional’ aka ‘legacy’ algorithm-specific DER formats (for ECC, … Read more
You can generate a public-private keypair with the genrsa context (the last number is the keylength in bits): openssl genrsa -out keypair.pem 2048 To extract the public part, use the rsa context: openssl rsa -in keypair.pem -pubout -out publickey.crt Finally, convert the original keypair to PKCS#8 format with the pkcs8 context: openssl pkcs8 -topk8 -inform … Read more
There are a couple ways to do this. First, instead of going into openssl command prompt mode, just enter everything on one command line from the Windows prompt: E:\> openssl x509 -pubkey -noout -in cert.pem > pubkey.pem If for some reason, you have to use the openssl command prompt, just enter everything up to the … Read more
No need to compile stuff. You can do the same with ssh-keygen: ssh-keygen -f pub1key.pub -i will read the public key in openssl format from pub1key.pub and output it in OpenSSH format. Note: In some cases you will need to specify the input format: ssh-keygen -f pub1key.pub -i -mPKCS8 From the ssh-keygen docs (From man … Read more