|
Method 1 worked great, you should add this to the online
documentation.
Thank you. From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of Ruth Kurniawati Sent: Thursday, May 26, 2005 10:18 AM To: 'InterMapper Discussion' Subject: RE: [IM-Talk] Windows Certificate Hi
Don: Currently InterMapper
will create an X509 CSR which Windows CA doesn’t accept. We will look into
adding support to generate PKCS10 CSR in a future version of InterMapper --
PKCS10 one of the formats that will be accepted by Windows
CA. For the time being,
please use one of the following methods:
Note that you have to
use the WebServer template in Windows CA to generate the certificate. Also, the
private key has to be unencrypted. The openssl command line tools can be used
generate the PKCS10 request and convert PKCS12 pfx file – please find a more
detailed steps at the end of this email. Regards, Ruth
Kurniawati Dartware,
LLC Method 1: create a
certificate request in PKCS10 format - Generate a
private key and a PKCS10 request file using openssl.
openssl req
-newkey rsa:1024 -keyout key.pem -keyform PEM -out req.pem -outform PEM
-nodes - Use req.pem to
request a certificate from Windows CA (use the advanced certificate request
option from the certsrv web page). Make sure that
you use the WebServer template. Lets call the certificate file cert.cer.
- Copy key.pem to
Intermapper Settings\Certificates directory (on Windows, InterMapper Settings
directory will be located under <Program Files>\InterMapper directory.
The private key
file should be named SSLCertificateKeyFile - Strip new line
characters from the certificate file (the openssl library that InterMapper uses
doesn’t accept these). You can use perl to remove the new lines:
type cert.cer
| perl -n -e "chomp; print $_ . \"\r\"" >
cert2.cer - Copy the certificate
file into InterMapper’s certificate directory as
SSLCertificateFile:
copy
cert2.cer “<Program Files>\InterMapper\InterMapper
Settings\Certificates\SSLCertificateFile” - Restart intermapper
service – on Windows, you can use the Service Manager applet or type the
following commands in a cmd window:
net stop
intermapper
net start
intermapper - If you have SSL
enabled in the server settings, you will see the following in the debug
log: Use
Certificate: <your certificate info> Not
Before: <number>Z, Not After: <number>Z Method 2: export a
webserver certificate from a Windows CA (note that this won’t work for Windows
2003 CA) - Open the Certificate
Manager applet
Choose Start/Run from the taskbar menu
Then
type: - Navigate to the
certificate that you’d like to export, right-click, and choose “All
Task/Export”, make sure that you also export the private key. Let’s call this
file webservercert.pfx. - Use openssl pkcs12
file utility to convert this file
openssl pkcs12 -in ./webservercert.pfx -out cert.txt
–nodes - Open the Server
Settings panel in InterMapper, navigate to the SSL Certificate section, and
click the “Upload new certificate” button. Either cut/paste
the content of cert.txt or browse to the file and click open. Press OK to accept
the certificate, the certificate info will be shown in the dialog
box. From:
[email protected] [mailto:[EMAIL PROTECTED]
On Behalf Of Levinson, Don
A. Has
anyone found a way to install a certificate created on a Microsoft Windows CA to
InterMapper?. |
Title: Windows Certificate
- [IM-Talk] Windows Certificate Levinson, Don A.
- RE: [IM-Talk] Windows Certificate Ruth Kurniawati
- RE: [IM-Talk] Windows Certificate Levinson, Don A.
- RE: [IM-Talk] Windows Certificate Ruth Kurniawati
