On Fri, May 29, 2009 at 10:21:16AM +0530, tito wrote:
> how to sign the CRMF request key i get in openssl ?
> if i am using keygen tag, i think it gives SPKAC format..can we sign SPKAC
> using openssl ?
> i am able to generate CRMF and SPKAC..but doesnt know how to sign those in
> openssl.please help me in regard with this..
>
hi,
i install test certificates with openssl this way:
first you need openssl CA set up.
generating the cert on the client is something like this:
<form method="post" action="/cgi-bin/ce1.php">
<keygen name="pubkey" challenge="">
<input type="submit" name="createcert" value="Generate">
</form>
c1.php is something like this:
#!/usr/bin/php-cgi
<?
$key = $_POST['pubkey'];
$keyreq = "SPKAC=".str_replace(str_split(" \t\n\r\0\x0B"), '', $key);
$keyreq .= "\nCN=luser";
print $keyreq
?>
in $keyreq you can stuff like "CN=luser" on new line.
save $keyreq to file spak1.txt on the CA.
in the openssl CA sign the req like this:
openssl ca -config ./openssl.cnf -verbose -days 180 -notext -batch -spkac
./spak1.txt -out spaksign.pem -passin pass:$YOURPASS
this will create the cert in newcerts/$number.pem
send $number.pem to the client with content type:
application/x-x509-user-cert
the certificate is installed in firefox.
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
