Signing external certs with local CA (fwd)

Dmitry Morozovsky Tue, 29 Jun 1999 00:07:32 -0700
Hello there,

I suppose this is question not directly regarding mod_ssl. 
However, maybe my faults reside somewhere deeper in process design, so I
forward my question here.

Thank you for any suggestions.

Sincerely,
D.Marck                                   [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
------------------------------------------------------------------------

---------- Forwarded message ----------
Date: Mon, 28 Jun 1999 21:25:46 +0400 (MSD)
From: Dmitry Morozovsky <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Signing external certs with local CA

Hello there,

I've set up local CA for internal use within our company. (together with
Apache/mod-ssl, surely)

Now i've starring at the very special problem: when user already have
personal cert from one of master CA, it seems to be "Right Thing" to use
this cert for authorization instead of making another local user
certificate. As I understand, the best way to use it -- sign existing cert
with local CA. Am I wrong at this stage?

If not, where am I wrong in the following process:
1. check user cert with apache against master CA bundle (worked)
2. export user cert data in pem format (done, x509 -text tells content of
the cert)
3. sign cert. this is problem point. trying to
        x509 -x509toreq -signkey marck.crt -in marck.crt -out new.pem
leads to:
Getting request Private Key
unable to load Private Key

Thank you in advance.


Sincerely,
D.Marck                                   [DM5020, DM268-RIPE, DM3-RIPN]
------------------------------------------------------------------------
*** Dmitry Morozovsky --- D.Marck --- Wild Woozle --- [EMAIL PROTECTED] ***
------------------------------------------------------------------------

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Signing external certs with local CA (fwd)

Reply via email to
