=>From: "Mark E. Schoneman" <[EMAIL PROTECTED]>
=>...
=>Ok you got my curiosity up. We have Cisco, we've got openssl so I tried it.
=>[...]
=>Found a vaild cert but no request. What did you do different to find the
=>request?
The PIX sends a self-signed certificate instead of a certificate
request. You can still sign it with your own CA key to produce a
certificate that (I guess) is signed by both the PIX and you:
openssl ca -ss_cert pix-cert.in -out pix-cert.out -preserveDN
(This is the command I got from Matt Burgoon, who got it from somebody
else; I don't really know what all the options mean, but at least it
works!)
The problem now is turning that certificate into a PKCSmumble package
that the PIX can understand. I've made no progress on that front.
d.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
