hii thanx a lot Georgi...
im new to php..just for my info ,
> $keyreq = "SPKAC=".str_replace(str_split(" \t\n\r\0\x0B"), '', $key);
>
this code removes newline chars ??
i did generate the spkac string and put in openssl bin directory..but im
getting some error..probably due to my openssl CA setup
plz see my command here..
" openssl ca -config openssl.cnf -verbose -days 180 -notext -batch -spkac
spak1.txt -out spaksign.pem -passin pass:mypass "
C:\OpenSSL\bin>openssl ca -config openssl.cnf -verbose -days 180 -notext
> -batch -spkac spak1.txt -out spaksign.pem -passin pass:mypass
> Using configuration from openssl.cnf
> error loading the config file 'openssl.cnf'
> 796:error:02001002:system library:fopen:No such file or
> directory:.\crypto\bio\bss_file.c:126:fopen('openssl.cnf','rb')
> 796:error:2006D080:BIO routines:BIO_new_file:no such
> file:.\crypto\bio\bss_file.c:129:
> 796:error:0E078072:configuration file routines:DEF_LOAD:no such
> file:.\crypto\conf\conf_def.c:197:
>
my directory structure is
C:\OpenSSL
|
|-------------bin
|
|---openssl.exe
|---openssl.cfg
|---spak1.txt
|--- PEM(FOLDER)
|
|----demoCA etc.....
please tell me.. am i issuing some wrong command here ?
2009/5/29 Georgi Guninski <[email protected]>
> On Fri, May 29, 2009 at 10:21:16AM +0530, tito wrote:
> > how to sign the CRMF request key i get in openssl ?
> > if i am using keygen tag, i think it gives SPKAC format..can we sign
> SPKAC
> > using openssl ?
> > i am able to generate CRMF and SPKAC..but doesnt know how to sign those
> in
> > openssl.please help me in regard with this..
> >
>
> hi,
>
> i install test certificates with openssl this way:
>
> first you need openssl CA set up.
>
> generating the cert on the client is something like this:
>
> <form method="post" action="/cgi-bin/ce1.php">
> <keygen name="pubkey" challenge="">
> <input type="submit" name="createcert" value="Generate">
> </form>
>
>
> c1.php is something like this:
> #!/usr/bin/php-cgi
>
> <?
> $key = $_POST['pubkey'];
> $keyreq = "SPKAC=".str_replace(str_split(" \t\n\r\0\x0B"), '', $key);
> $keyreq .= "\nCN=luser";
> print $keyreq
> ?>
>
> in $keyreq you can stuff like "CN=luser" on new line.
>
> save $keyreq to file spak1.txt on the CA.
>
> in the openssl CA sign the req like this:
> openssl ca -config ./openssl.cnf -verbose -days 180 -notext -batch -spkac
> ./spak1.txt -out spaksign.pem -passin pass:$YOURPASS
>
> this will create the cert in newcerts/$number.pem
>
> send $number.pem to the client with content type:
> application/x-x509-user-cert
>
> the certificate is installed in firefox.
> --
> dev-tech-crypto mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
