Henry Tumblin wrote:
>
> I was following the instructions in the openSSL faq about how to generate a
> DSA based CA and keys. It all worked fine, then I generated the pkcs#12
> file to import into a browser. When I tried to use it with Netscape, it
> worked fine. When I attempted to use it with IE, I get the following
> message from the import wizard: "The input information is invalid". I
> noticed that the pkcs#12 command has a couple of MS related switches, which
> I tried and had the same error. Has anyone gotten this to work? If so, what
> am I missing?
>
I don't know about 5.5 but IE 5.0 has minimal DSA support. If I recall
you could use Xenroll to create a DSA key and install a DSA certificate.
However you couldn't export it, do client authentication of S/MIME
signing with it. The fact that you couldn't export it led me to suspect
that the PKCS#12 routines didn't have support for DSA keys and so any
attempt to import one would be futile.
The most useful thing you could do with it was admire how pretty it
looked in the listbox :-)
So unless 5.5 has added more support the problem may simply be that it
doesn't support DSA certificates properly.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
