[EMAIL PROTECTED] wrote:
>
> The problem is Netscape's alias-key.db and alias-cert.db file format.
> Using Netscape utilities, you generate the key pair.
> The admin server has a link that will generate the CSR.
> You can cut and paste the CSR and submit it to a CA.
> When I tried to run it through OpenSSL, it complains about not being able
> to load the private key.
>
Then you are probably using the wrong command. The private key should be
one OpenSSL itself generates when you sign the request.
> If I use OpenSSL to generate the key, request, and certificate, I can try
> to install it,
> but I don't then have the necessary ability to install them as *.db files
> where Netscape expects them.
>
> I either need the ability to extract the Netscape server private key for
> signing the certificate using OpenSSL,
> or a db_load utility going back the other direction. Also, as a footnote,
> Netscape only uses 512 bits, not 1024.
>
Whats is normally done is this...
create a test CA using OpenSSL.
make a test certificate by signing the certificate request using the
test CA with OpenSSL.
install the test CA and the test certificate into the server.
trust the test CA in any client that needs to connect.
The OpenSSL side is explained in a number of places including the CA.pl
manual page. The Netscape server side I can't help you with.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
