I'm almost there!!!! I generated the keys IN the token, than imported the certificate into the token (with IE) and it worked fine!!!! I installed Netscape 4.79 and now I can sign the requests with a Linux system!!!! But I still have one question: Is it not a strong security failure to use such an old version of Netscape? Maybe it is not a big problem if the browser and the CA are in the same machine, but I really don't know.... what do you think about it?
And one more question:
When I try to use the button "Download onto token" at an already generated certificate (with IE), I get the error:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [EMAIL PROTECTED] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.0.45 (Unix) mod_ssl/2.0.45 OpenSSL/0.9.7a Server at cateste.ztec Port 443
Do you know what it could be?
Thanks again for your help!!!!!
Patricia
Chris Covell escreveu:
Pat, On Wednesday 10 December 2003 22:38, Patricia wrote:Again, I am not really sure what this function is for. I have used all sorts of tokens (GEP, Rainbow, Activcard etc) but I create the keys and CSR on the token using the RA public interface and it has always worked.I use Rainbow with IE and I receive the message:Error 690 Configuration Error: Missing Configuration keyword DN_TYPE_token_KEYGEN_MODE It really doesn't exist at pub.conf. Which parameter should I use at this configuration?OK, putting certificates onto tokens is not an OpenCA configuration. You need to make sure you have the correct CSP installed in your IE, you will get this in the driver software with your token. Browse to the public interface and "request a certificate". Fill in the form (put passwords in but they are not used) and continue. On the next page (ie_confirm) you will have the chance to select your CSP (cryptographic service provider) this is the key to getting the token to generate the key pair and request (***IMPORTANT*** You token must be initialised prior to this point). You will be asked to enter your token PIN. The token will then generate the key pair, and certificate request, pass it back to the server which will give you a request number. Chris... ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
smime.p7s
Description: S/MIME Cryptographic Signature
