Re: I've modify CA.pl

[³¯«Â§»]

Raul:

> I run your CA.pl and it run fine, i have some doubt about it :((

I'm very happy to hear that. ^_^

> When i issue a certificate and create a file .p12 of it certificate, if i
> try to import this certificate in my IE 4.0 the IE 4.0 tell me that can't
> import it.

This is how I import .p12 in IE4.  IE5 is much easier.

(It's from a very helpful doc explaining PKCS#12 at
http://www.drh-consultancy.demon.co.uk/pkcs12faq.html, OpenSSL PKCS#12
program FAQ)

1. In IE4: View->Internet Options->Content->Personal->Import.  Then you'll
see
your newly imported certificate.
2. (I'm using a Traditional Chinese version of IE, maybe trasnlations will
be
different.) In Outlook Express: Tool->Account->Mail->Property->Security,
check Using S/MIME, select your newly imported certificate and set it up.
Note you have to set that you trust your signing CA first.

If you are using IE5, you can import certificates and set them up in one
place,
and don't need to switch between two programs.

BTW, if your IE is export restriction version, you have to set default_bits
= 512
in your openssl.cnf, [req] section.  That's why I was not able to import my
newly
created PKCS12 certificate into IE in the first place, but Netscape worked
just fine.

> I dont know what to do .. can you help me, i want to create Digital
> Certificate with OpenSSL that i can use whith IE 4.0 or 5.0 and Netscape
> Navigator, also i want to add some field to the Certificate, in what
section
> of openssl.cnf's file i can put the new field? Some person tell me thah i
> have to define it in  the section:

Sorry, I know nothing about it for I don't add any extra fields in my
certficates.

> [ new_oids ]
> # We can add new OIDs in here for use by 'ca' and 'req'.
> # Add a simple OID like this:
> # testoid1=1.2.3.4
> dnQualifier     = 2.5.4.46
> surName         = 2.5.4.4
>
> But i dont know what is the mean of 2.5.4.46 number. Can you explain me?

They are OID, Object ID, which I belive is from X.500 but need further
confirmations for I just begin studying those RFCs.  RFC2459 defines those.

If you want to know more, please refer RFC 2459, page 70, Appendix A.
Psuedo-ASN.1 Structures and OIDs.

> Thanks in advance

You're welcome. ^_^

Chen, Wei-Hon (plasma)
A rookie administrator


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]