Hi, I have used the JavaScript function generateCRMFRequest() to generate a certificate request. I've catched the result in a CGI Perl script. Second I've added "-----BEGIN CERTIFICATE REQUEST-----" and "-----END CERTIFICATE REQUEST-----" and write it down to a file.
Next I wish to sign it with 'openssl ca'. This will fail. The error message is after the command line: openssl ca -in req.p10 -out req.cer Using configuration from /usr/local/ssl/openssl.cnf Error reading certificate request in req.p10 1153:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:946: 1153:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:628: 1153:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=version, Type=X509_REQ_INFO 1153:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_D2I:nested asn1 error:tasn_dec.c:566:Field=req_info, Type=X509_REQ 1153:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:pem_oth.c:82: Who can give me some hints to solve this? I've coded a similar way for the MSIE. The xenroll.cab output a PKCS10 certificate request. This works fine with openssl ca. Where are the difference among CRMF and PKCS10? I've noticed that the PKCS10 is a little more greater than a CRMF request. Is this normal and what's the reason for this. Bye, Michael. _______________________________________________ mozilla-crypto mailing list mozilla-crypto@mozilla.org http://mail.mozilla.org/listinfo/mozilla-crypto
