On Mon, Dec 09, 2002, wen ding wrote:
hi,
I try to use openssl to issue and manage certificates for internal usage.
I generated CA ROOT certificate with utility from openssl and issued server
certificate signed by the CA ROOT. The server certificate and CA ROOT worked
very well with iplanet fasttrack 4.1, a early version web server from sun.
After that I tried to use it with iplanet enterprise 5.5, the server
certificate can be installed sucessfully. But the CA ROOT certificate can be
recognized by iplanet enterprise 5.5, but when I tried to add it, the system
failed with the message:
Incorrect Usage:Invalid certificate
The server could not import one of the certificates.
I found all ROOT CA from commerical CA can cooperate well with iplanet
enterprise and in version field of all certificates from commericial CA 'V3'
indicates that X509 version 3. In all certificates issued from openssl, the
version field is filled with 'V1'. There are also other differences, such as
fields issuing organization key id and subject key id do not exist in
certificates from openssl.
Besides the problem as stated above, the crl generated from openssl either
can not work under iplanet enterprise and its version is also 'V1' while
revocation list from commericial product is 'V3'.
As i am a newbie in using openssl, i welcome anyone provide me with any
advice. Thanks in advance.
My email is [EMAIL PROTECTED]
Great thanks!
dingwen from China
You haven't mentioned what technique you used to generate the certificates
with OpenSSL. If you'd used CA.pl (see manual page) it would create V3
certificates and include the extensions you mention.
OpenSSL by default creates V1 CRLs because some versions of Netscape chokes on
them. By adding extensions it can create a V2 CRL. Not sure what you mean by a
V3 CRL do you have an example you could post?
Steve.
--
Dr. Stephen Henson [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~steve/
__
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]