Pierre De Boeck wrote:
>
> Hello,
>
> I am trying since two days to insert my own root CA
> into the trusted CA store of IIS. I use, as advised
> by MS, the procedure described in SP4 involving the
> CertMgr wizard but with no success...
>
The simplest way to insert your CA cert from openssl is to generate che
cert in PEM encoding, then remove any text before the line
----- BEGIN
end remove any text after the last line of the certificate.
Rename it as myca.crt (this extension is associated to crypto stuff by
ms) and double click over it... The wizard open and you can install your
cert everywhere you want in the database of the certificates...
> By comparing the IIS list of trusted CA and the one
> corresponding to the local_machine "Root" system store,
> I see that they are the same except that my CA appears only
> in the second list and not in the IIS's.
>
As Miguel says, you must select directly from the wizard the store where
you want the cert...
> I join here a txt attachement containing a pretty-print view of
> of the content of the local_machine "Root" system store:
>
> - My root CA is the 15th of the list
>
> Has anyone an idea of someting wrong with my CA? The only thing
> that is unique to it is the use of the Netscape <NetscapeCertType>
> extension. Does IIS not support it?
>
As I know Microsoft doesn't support any Netscape extension (not so
strange ...)
Bye.
--
Dott. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
Member of the Internet Society
http://www.di.unito.it/~rabser
Tel. +39-116706701
Fax. +39-11751603
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
