Scott, You are correct. I'm using Windows XP SP2, and my root certificate was creating in SHA256, then I change openssl.conf to SHA1. Work perfect. thanks
Samuel Rios Carvalho On Fri, Oct 24, 2008 at 6:10 PM, Scott Rea <[EMAIL PROTECTED]> wrote: > For supported algorithms in Windows refer to : > http://msdn2.microsoft.com/en-us/library/aa375549(VS.85).aspx > > But NOTE: SP3 for XP which came out in May 2008 does provide XP with > SHA2 support > > -Scott >> >> On Fri, Oct 24, 2008 at 5:14 PM, Scott Rea <[EMAIL PROTECTED]> wrote: >> >>> I imported to Trusted Root Store on my XP Pro SP3 machine and it shows >>> up as trusted for me >>> It is an RSA based cert with SHA256 hashing for the signature, and my >>> Service Pack3 with all the latest patches handles that just fine >>> >>> No problems from my end with this certificate. This must be a client >>> configuration issue on your end. >>> >>> What version of Windows are you using? Are all the latest patches installed? >>> >>> -Scott >>> >>> Samuel Rios Carvalho wrote: >>> >>>> I'm sending my CA root certificate. >>>> Please, import it, and open it again. >>>> Windows don't recongnize it trusted. >>>> >>>> >>>> Samuel Rios Carvalho >>>> >>>> >>>> >>>> On Fri, Oct 24, 2008 at 4:30 PM, Scott Rea <[EMAIL PROTECTED]> wrote: >>>> >>>> >>>>> What do you mean by not recognizing self signed? >>>>> If it is a trust issue, edit the properties on the certificate (via IE >>>>> interface or MMC) to set what purposes the CA will be trusted for. >>>>> >>>>> NOTE: if you have an ECDSA Root, it may not be supported in your Windows >>>>> client. RSA based roots should work just fine - but again, may depend >>>>> upon which hashing algorithm you used e.g. SHA256 might not work unless >>>>> you have all latest updates applied >>>>> >>>>> -Scott >>>>> >>>>> Samuel Rios Carvalho wrote: >>>>> >>>>> >>>>>> I imported by MMC work. Certificate is in Trusted Root CA. But when I >>>>>> open root certificate, don't recognize self signed. >>>>>> >>>>>> some idea? >>>>>> >>>>>> Samuel Rios Carvalho >>>>>> >>>>>> >>>>>> >>>>>> On Fri, Oct 24, 2008 at 12:29 PM, Scott Rea <[EMAIL PROTECTED]> wrote: >>>>>> >>>>>> >>>>>> >>>>>>> This is an issue with IE - I am assuming you are running IE 7 - yes? >>>>>>> Try importing again but on the certificate store window of the wizard, >>>>>>> do not choose the automatic option - choose the 2nd option, browse, and >>>>>>> place in the Trusted Root CA store. (Depending on why you are trusting >>>>>>> the root, you may also want to choose "show physical stores" option in >>>>>>> the browse window and put into Local Computer Store of Trusted CA or >>>>>>> Registry - depending on why you are trusting it) >>>>>>> Alternatively - run the Certificates MMC and import the certificate >>>>>>> >>>>>>> _Scott >>>>>>> >>>>>>> Samuel Rios Carvalho wrote: >>>>>>> >>>>>>> >>>>>>> >>>>>>>> After create key pair, I go to "Self Signed CA Certificate (from >>>>>>>> altready generated request)" for create Root Certificate. >>>>>>>> >>>>>>>> But when I import in Internet Explorer, it recognize my certificate as >>>>>>>> Intermediate AC. >>>>>>>> >>>>>>>> some idea? >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Samuel Rios Carvalho >>>>>>>> >>>>>>>> ------------------------------------------------------------------------- >>>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>>>>>>> challenge >>>>>>>> Build the coolest Linux based applications with Moblin SDK & win great >>>>>>>> prizes >>>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the >>>>>>>> world >>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>>>>> _______________________________________________ >>>>>>>> Openca-Users mailing list >>>>>>>> Openca-Users@lists.sourceforge.net >>>>>>>> https://lists.sourceforge.net/lists/listinfo/openca-users >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> -- >>>>>>> Scott Rea >>>>>>> Director, HEBCA Operating Authority >>>>>>> Dartmouth College Sr PKI Architect >>>>>>> Peter Kiewit Computing Services >>>>>>> Dartmouth College >>>>>>> HB 6238, #058 Sudikoff >>>>>>> Hanover, NH 03755 >>>>>>> >>>>>>> Em: [EMAIL PROTECTED] >>>>>>> Ph#(603) 646-0968 >>>>>>> Ot#(603) 646-9181 >>>>>>> Ce#(603) 252-7339 >>>>>>> >>>>>>> >>>>>>> ------------------------------------------------------------------------- >>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>>>>>> challenge >>>>>>> Build the coolest Linux based applications with Moblin SDK & win great >>>>>>> prizes >>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the >>>>>>> world >>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>>>> _______________________________________________ >>>>>>> Openca-Users mailing list >>>>>>> Openca-Users@lists.sourceforge.net >>>>>>> https://lists.sourceforge.net/lists/listinfo/openca-users >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> ------------------------------------------------------------------------- >>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>>>>> challenge >>>>>> Build the coolest Linux based applications with Moblin SDK & win great >>>>>> prizes >>>>>> Grand prize is a trip for two to an Open Source event anywhere in the >>>>>> world >>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>>> _______________________________________________ >>>>>> Openca-Users mailing list >>>>>> Openca-Users@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/openca-users >>>>>> >>>>>> >>>>>> >>>>> -- >>>>> Scott Rea >>>>> Director, HEBCA Operating Authority >>>>> Dartmouth College Sr PKI Architect >>>>> Peter Kiewit Computing Services >>>>> Dartmouth College >>>>> HB 6238, #058 Sudikoff >>>>> Hanover, NH 03755 >>>>> >>>>> Em: [EMAIL PROTECTED] >>>>> Ph#(603) 646-0968 >>>>> Ot#(603) 646-9181 >>>>> Ce#(603) 252-7339 >>>>> >>>>> >>>>> ------------------------------------------------------------------------- >>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>>>> challenge >>>>> Build the coolest Linux based applications with Moblin SDK & win great >>>>> prizes >>>>> Grand prize is a trip for two to an Open Source event anywhere in the >>>>> world >>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>> _______________________________________________ >>>>> Openca-Users mailing list >>>>> Openca-Users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/openca-users >>>>> >>>>> >>>>> ------------------------------------------------------------------------ >>>>> >>>>> ------------------------------------------------------------------------- >>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>>>> challenge >>>>> Build the coolest Linux based applications with Moblin SDK & win great >>>>> prizes >>>>> Grand prize is a trip for two to an Open Source event anywhere in the >>>>> world >>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>>>> ------------------------------------------------------------------------ >>>>> >>>>> _______________________________________________ >>>>> Openca-Users mailing list >>>>> Openca-Users@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/openca-users >>>>> >>>>> >>> -- >>> Scott Rea >>> Director, HEBCA Operating Authority >>> Dartmouth College Sr PKI Architect >>> Peter Kiewit Computing Services >>> Dartmouth College >>> HB 6238, #058 Sudikoff >>> Hanover, NH 03755 >>> >>> Em: [EMAIL PROTECTED] >>> Ph#(603) 646-0968 >>> Ot#(603) 646-9181 >>> Ce#(603) 252-7339 >>> >>> >>> ------------------------------------------------------------------------- >>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >>> Build the coolest Linux based applications with Moblin SDK & win great >>> prizes >>> Grand prize is a trip for two to an Open Source event anywhere in the world >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> _______________________________________________ >>> Openca-Users mailing list >>> Openca-Users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/openca-users >>> >>> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge >> Build the coolest Linux based applications with Moblin SDK & win great prizes >> Grand prize is a trip for two to an Open Source event anywhere in the world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Openca-Users mailing list >> Openca-Users@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/openca-users >> > > -- > Scott Rea > Director, HEBCA Operating Authority > Dartmouth College Sr PKI Architect > Peter Kiewit Computing Services > Dartmouth College > HB 6238, #058 Sudikoff > Hanover, NH 03755 > > Em: [EMAIL PROTECTED] > Ph#(603) 646-0968 > Ot#(603) 646-9181 > Ce#(603) 252-7339 > > > ------------------------------------------------------------------------- > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge > Build the coolest Linux based applications with Moblin SDK & win great prizes > Grand prize is a trip for two to an Open Source event anywhere in the world > http://moblin-contest.org/redirect.php?banner_id=100&url=/ > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
