here is the %config variable to set the .co to what ever you like - i will be releasing the set of batchfiles right now - these are the batchfiles that i had created to set up the internal ca for out org distributed uder gpl ! you will want to see the sign server cert .bat in attachemnt ## -------------------------------------------------------- ## Copyright (c) 2000 Yeak Nai Siew, All Rights Reserved. ## Original UNIX / Linux / Solaris Version ## -------------------------------------------------------- ## Copyright (C) 2002 Aditya Deshmukh, All Rights Reserved. ## Ported to Windows ( 95/98/NT3/NT4/2K/XP ) ## * Increased default key size to 4096 from 1024 ## * Created some New Scripts -- see readme.txt ## -------------------------------------------------------- some desc about the bat files 1. ported the shell scripts to work on win32 as batch files the only requirment is to have openssl in path here is the bach file at the end of the message as attachments if u have any problem do get back to me i intend to port this back to linux *with* all the enchancements that i made wait for it for atleast some time like 3 months i intend to make this tool kit avilable on the follwing os 1. win32 ( win 95/98/2K/NT/XP ) - already working 2. linux 3. sunos basically any unix that has sh these batch files are a part of that toolkit we had developed our own ca with apache using php and openssl using these shell scripts and batch file on windows - best of luck for your venture -aditya ----- Original Message ----- From: "Tim Gustafson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 09, 2002 4:42 AM Subject: Request Policy Sections > Hello > > When the OpenSSL 'ca' command processes a CSR, you specify which policy > you want to match the CSR against. You can cause OpenSSL to drop certain > fields by simply not including them in the policy section of your > configuration file, and then those fields don't appear in the certificate. > That's great - but what if I want to specify a value for one of those > fields? That is, what if I want to make "Organization" always be the name > of my company, rather than whatever the requestor filled in when he > generated the request. Is this possible? I know Thawte does it for their > free e-mail certificates. > > Thanks. > > Tim > > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Tim Gustafson - [EMAIL PROTECTED] http://www.falconsoft.com/ > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > Share your knowledge - it's a way to achieve immortality. > -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > > You need only two tools. WD-40 and duct tape. > If it doesn't move and it should, use WD-40. > If it moves and shouldn't, use the tape. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ------------------------------------------------------------------------------------------------------------------------------
<<attachment: OK-sign-server-cert.bat>>
<<attachment: OK-new-server-cert.bat>>
<<attachment: OK-new-root-ca.bat>>
