Mario,
I have a demo DSA CA. What you must do is:
- create DSA parameters
- create a DSA key-pair
- modify the openssl.cnf for the CA
- create the self-signed CA certificate
- also modify openssl.cnf for the user (nothing DSA-related, I think)
- generate DSA parameters, key, cert-request
- sign the user certificate
here are some details:
For the CA openssl.cnf file:
[ CA_myca ]
default_md = sha1 # which md to use.
Signing the CA certificate must have the parameter '-sha1'.
A DSA signature will be made if you give a DSA keyfile with '-key'
The call to sign a user certificate:
openssl.exe ca -config openssl.cnf -name CA_myca -in request.pem -out
certificate.pem
Hope it helps!!!
Robert
-----Original Message-----
From: Mario Fabiano [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 23, 1999 7:24 AM
To: openssl users
Subject: DSA CA
I am trying to issue objectsign cetificates for JDK 1.2 keytool. I can
get a user certificate signing the CSR produced with keytool, but
unfortunately keytool refuses to import my CA root certificate. The
problem seems related to the lack, inside keytool, of a provider (a set
of Java classes) that supplies RSA support. Hence I want to try to
create a self signed CA that uses DSA keys and SHA1.
Can someone help me, please?
Otherwise, has someone already coped with such a problem?
Thank you in advance for any help.
--
Mario
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
