<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<br>
<br>
<div class="moz-cite-prefix">On 09/27/2017 08:07 AM, Stuart Marsden
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:0A422AA3-921B-442C-836D-D5FC167911AC@myphones.com">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<div class="">Hi</div>
<div class=""><br class="">
</div>
<div class="">I think I know what you are going to say - MD5?</div>
</blockquote>
<br>
Lots of problems with that cert. If you have some connection with
the vendor, have them read IEEE 802.1AR-2009 standard for Device
Identity credentials. You will be supporting this phone different
from those that follow the standard.<br>
<br>
<blockquote type="cite"
cite="mid:0A422AA3-921B-442C-836D-D5FC167911AC@myphones.com">
<div class=""><br class="">
</div>
<div class="">I ran openssl s_server -verify , then ran the x509
command as you suggested using the captured client certificate</div>
<div class=""><br class="">
</div>
<div class="">This phone model has only just gone into production,
and I am using a "preview version" of the hardware</div>
<div class=""><br class="">
</div>
<div class="">Is there a way a can install a version of openssl
on a dedicated standalone Centos 7 server which will support
these phones?</div>
</blockquote>
<br>
I run Centos7 on arm platforms There are lots of ways to run
dedicated C7 servers. Talk about this on the Centos-user or
Centos-arm list.<br>
<br>
<blockquote type="cite"
cite="mid:0A422AA3-921B-442C-836D-D5FC167911AC@myphones.com">
<div class=""><br class="">
</div>
<div class="">That would be preferable to me than having to leave
Centos 6 servers just for this</div>
</blockquote>
<br>
A lot of years until EOL for Centos6. They just did it for C5...<br>
<br>
<blockquote type="cite"
cite="mid:0A422AA3-921B-442C-836D-D5FC167911AC@myphones.com">
<div class=""><br class="">
</div>
<div class="">Thanks everyone for your help sofar </div>
<div class=""><br class="">
</div>
<div class="">Stuart</div>
<div class=""><br class="">
</div>
<div class=""><br class="">
</div>
<div class="">
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">openssl x509 -noout -text -in
yealink.pem </span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">Certificate:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Data:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Version: 3 (0x2)</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Serial Number:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
30:30:31:35:36:35:63:38:62:65:36:66</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Signature Algorithm:
md5WithRSAEncryption</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Issuer: C=CN,
ST=Fujian, L=Xiamen, O=Yealink Network Technology Co.,Ltd.,
OU=<a href="http://yealink.com" class=""
moz-do-not-send="true">yealink.com</a>, CN=Yealink
Equipment Issuing <a
href="mailto:CA/emailAddress=support@yealink.com" class=""
moz-do-not-send="true">CA/emailAddress=support@yealink.com</a></span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Validity</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Not Before: Mar
1 00:00:00 2014 GMT</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Not After : Feb
24 00:00:00 2034 GMT</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Subject: C=CN,
ST=Fujian, L=Xiamen, O=Yealink Network Technology Co.,Ltd.,
OU=Yealink Equipment, <a
href="mailto:CN=001565c8be6f/emailAddress=support@yealink.com"
class="" moz-do-not-send="true">CN=001565c8be6f/emailAddress=support@yealink.com</a></span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Subject Public Key
Info:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Public Key
Algorithm: rsaEncryption</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Public-Key:
(1024 bit)</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Modulus:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
00:e9:22:52:1a:47:bf:06:4d:2e:86:4f:61:5e:f8:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
70:47:7f:c7:7d:4d:1e:b7:9f:0d:38:d2:79:8e:e9:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
47:88:f3:f1:dd:75:d0:b3:d7:72:da:aa:e8:72:12:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
7e:67:5c:c1:63:f3:6e:54:48:f7:46:a8:1c:fe:6a:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
96:13:87:31:68:bb:89:98:b5:45:8d:c2:ef:24:a0:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
47:7c:bf:20:d6:88:6b:95:4b:3a:f4:90:ec:a1:b2:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
8a:4e:f9:2a:01:02:ba:f9:7f:52:b7:5f:71:18:d4:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
40:74:56:75:94:e1:2e:ed:87:69:5a:33:ca:51:45:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
06:ce:5e:5d:f1:ff:c1:5f:2f</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Exponent:
65537 (0x10001)</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class=""> Signature Algorithm:
md5WithRSAEncryption</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
74:a9:f7:02:52:51:86:c9:09:15:c9:2e:32:1b:29:81:b6:d0:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
a9:7a:88:61:5a:fe:22:3e:6d:68:e3:71:64:e2:12:1f:5a:0e:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
35:54:19:b8:4a:e5:a1:70:27:0f:3b:99:ae:db:d1:bc:77:39:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
22:0a:4d:71:a9:08:ca:c4:e0:28:a6:a0:e4:bc:9d:56:c1:ad:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
49:4b:5c:70:b2:a7:e8:64:ef:fa:fa:c0:1c:89:92:63:c5:67:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
55:ab:d9:65:57:4b:a8:6e:59:a6:d3:4b:ff:9b:27:8b:0e:ea:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
ac:71:de:6c:5d:97:c7:78:17:40:4b:03:79:81:1b:02:31:6c:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
fa:01:4a:c2:e2:c2:d6:14:4c:ff:9a:1c:41:ed:14:c2:eb:b4:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
f5:1b:db:06:d7:1f:e3:bc:69:d0:f7:d6:8e:13:db:7b:f1:15:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
5c:11:b9:18:56:6b:d3:0f:96:20:99:a3:19:01:83:9a:f2:65:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
4d:7d:6b:41:92:d2:d1:4d:40:74:b7:8b:a8:54:ba:bf:b0:04:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
0e:a0:45:5b:62:c1:0e:7b:48:7d:c8:96:62:99:50:e7:44:b1:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
8a:01:e0:ec:b7:42:6c:3d:52:16:70:3b:0f:e6:e3:31:8b:31:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
ee:62:fd:fd:3c:94:90:04:05:99:7b:b2:c0:41:8f:92:05:db:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
46:a6:2d:ed:ba:e5:70:61:45:52:a4:f0:97:54:cf:75:9d:8b:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
f9:89:f2:01:0e:7f:f7:b6:1f:1c:03:56:a6:cc:d0:00:99:b9:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
f1:e3:6b:18:d5:69:46:38:a3:23:ba:f3:76:08:ff:02:bc:15:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
df:91:67:6e:94:62:35:34:a2:fa:d3:33:01:da:00:b6:07:4c:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
89:7e:f3:98:dc:81:e5:0f:4a:19:ea:fe:91:02:3a:9d:22:25:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
a9:38:f8:2f:91:ca:09:e1:6c:12:b2:68:a6:a2:af:8b:41:f7:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
61:e5:40:2f:98:60:18:10:90:af:55:50:8a:31:2d:17:82:d2:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
13:cf:27:5b:fa:c8:ee:74:e1:98:00:26:56:24:68:38:b4:e3:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
21:ee:3c:8b:16:32:72:93:fc:3b:0f:13:9a:b1:97:e8:6e:ca:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
33:00:ee:7b:30:7c:e2:e7:14:99:a0:5f:f1:f9:95:1f:fc:5c:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
17:79:33:2a:f1:fd:89:6e:50:d8:d7:8d:05:95:3f:11:72:c7:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
69:e8:0f:4c:82:7b:9d:26:86:04:60:b2:3b:24:76:4a:34:c6:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
87:ef:e6:e7:8b:53:98:de:f4:cc:d8:39:b2:2d:ea:09:a4:80:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
f3:c2:d7:bd:6f:7b:7d:4c:35:b2:23:ca:56:fc:5b:6d:08:05:</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><span style="font-variant-ligatures:
no-common-ligatures;" class="">
6b:11:bd:c6:4b:92:4f:46</span></div>
<div style="margin: 0px; font-size: 11px; line-height: normal;
font-family: Menlo; background-color: rgb(255, 255, 255);"
class=""><br class="">
</div>
</div>
<br class="">
<div>
<blockquote type="cite" class="">
<div class="">On 27 Sep 2017, at 01:04, Kyle Hamilton <<a
href="mailto:aerowolf@gmail.com" class=""
moz-do-not-send="true">aerowolf@gmail.com</a>> wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">openssl x509 -noout -text -in
clientcertificate.pem<br class="">
<br class="">
You may need to extract the client certificate from
wireshark, but you<br class="">
could also get it from openssl s_server.<br class="">
<br class="">
Specifically, that error message is suggesting that
there's a message<br class="">
digest encoded into the certificate which is unknown to
the trust<br class="">
path.<br class="">
<br class="">
Chances are, it's probably MD5. MD5 was broken a long
time ago, and<br class="">
is no longer trustworthy. (SHA1 is also a possibility,
but it was<br class="">
made unacceptable a lot more recently.)<br class="">
<br class="">
-Kyle H<br class="">
<br class="">
<br class="">
On Tue, Sep 26, 2017 at 8:56 AM, Stuart Marsden <<a
href="mailto:stuart@myphones.com" class=""
moz-do-not-send="true">stuart@myphones.com</a>>
wrote:<br class="">
<blockquote type="cite" class="">Sorry how can I tell ?<br
class="">
<br class="">
I can run a wireshark if necessary<br class="">
<br class="">
thanks<br class="">
<br class="">
<br class="">
<blockquote type="cite" class="">On 26 Sep 2017, at
16:36, Wouter Verhelst <<a
href="mailto:wouter.verhelst@fedict.be" class=""
moz-do-not-send="true">wouter.verhelst@fedict.be</a>>
wrote:<br class="">
<br class="">
On 26-09-17 17:26, Stuart Marsden wrote:<br class="">
<blockquote type="cite" class="">[ssl:info] [pid 1611]
SSL Library Error: error:0D0C50A1:asn1 encoding
routines:ASN1_item_verify:unknown message digest
algorithm<br class="">
</blockquote>
<br class="">
So which message digest algorithm is the client trying
to use?<br class="">
<br class="">
--<br class="">
Wouter Verhelst<br class="">
--<br class="">
openssl-users mailing list<br class="">
To unsubscribe: <a
href="https://mta.openssl.org/mailman/listinfo/openssl-users"
class="" moz-do-not-send="true">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br
class="">
<br class="">
</blockquote>
<br class="">
<br class="">
--<br class="">
openssl-users mailing list<br class="">
To unsubscribe: <a
href="https://mta.openssl.org/mailman/listinfo/openssl-users"
class="" moz-do-not-send="true">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br
class="">
</blockquote>
-- <br class="">
openssl-users mailing list<br class="">
To unsubscribe: <a
href="https://mta.openssl.org/mailman/listinfo/openssl-users"
class="" moz-do-not-send="true">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br
class="">
<br class="">
</div>
</div>
</blockquote>
</div>
<br class="">
<br class="">
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>