Re: How to use Netscape-generated keys?

Tue, 27 Apr 1999 10:27:19 -0700 

Phil Tracy wrote:

> For test purposes, I'd like to create my own CA.  I've already used openssl
> to set up the CA.  I can generate a CSR, then use pkcs12 to export the keys
> and certificate.  So far, so good.
>
> What'd I'd rather do is use the <kengen> tag inside an HTML form for my
> Netscape browser, then create a certificate signing request based on that
> (and other) info to feed into the CA.
>

       try with "ca -spkac" option once yoy have the information about the
"requester"
of the certificate,  it should be something like that:

     ca -spkac data_of_the_requester -key  your CA key  -batch   >
certificate_file

    where the file data_of_the_requester is somthing like  this:



countryName = ES
stateOrProvinceName = MADRID
localityName = BOADILLA DEL MONTE
organizationName = UNIVERSIDAD POLITECNICA DE MADRID
organizationalUnitName = DLSIIS
commonName = Juan Pablo Rojas Jimenez
Email = [EMAIL PROTECTED]
SPKAC= THE PUBLIC KEY GENERATED BY NETSCAPE ( OR IE ) WITH KEYGEN

    I hope this will help you.

    Bye.




>
> I've accomplished the 1st half of this -- I can read the contents of the
> submitted form and base64-decode what Netscape calls the
> SignedPublicKeyAndChallenge, but I don't know what to do with it after that.
>
> This chunk of DER-encoded data is apparently not (just) an RSA key, nor is
> it obviously a full CSR.  What is it, exactly?  And is there any way I can
> use openssl (or some other utility) to massage it into a CSR which I can
> sign and return to the browser?  How do the folks at Verisign, Thawte, et
> al. do it?
>
> Thanks.
> --
> Phil Tracy
> Northwestern University, Evanston, IL   USA
> mailto:[EMAIL PROTECTED]    http://dopey.at.nwu.edu/tracy/
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

begin:vcard 
n:Rojas Jimenez;Juan Pablo
x-mozilla-html:FALSE
org:Faculad de Inform�tica;DDpto. de Lenguajes y Sistemas Infotm�ticos.
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
title:Laboratorio de Teleinform�tica
x-mozilla-cpt:;-31968
fn:Juan Pablo Rojas Jimenez
end:vcard

Reply via email to