First, make sure that your openssl.cnf has the correct configuration. After that, your first step is to create a certification authority to sign the user email certificate.
CA:
openssl rand -out .rnd 1024
openssl req -new -x509 -keyout CA.key -out CA.crt -days 9132 -config openssl.cnf

User certificate:
openssl genrsa -rand .rnd -out [your_key_filename].key -des3 1024
(create your private key)
openssl req -new -key [your_key_filename].key -out [your_csr_filename].csr -config openssl.cnf
(create a certificate signing request)
(Now you have to enter all information for the certificate; match the common name with the email address of the user.)

CA (signing):
openssl ca -config openssl.cnf -extensions [section_of_openssl_for_email_certificate] -policy policy_match -out NewCert.crt -notext -days 9132 -infiles [your_csr_filename].csr

Convert your new certificate to p12 format:
openssl pkcs12 -export -in NewCert.crt -inkey [your_key_filename].key -out user_email_cert.p12 -name "My Certificate"

My openssl email certificate section:

[ email ]
# These extensions are added when 'ca' signs a request.

# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE

# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.

# For normal client use this is typical
nsCertType = client, email

# This is typical in keyUsage for a client certificate.
keyUsage = digitalSignature, keyEncipherment,dataEncipherment

extendedKeyUsage=emailProtection

# This will be displayed in Netscape's comment listbox.
nsComment = "Certificat S/MIME"

# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer:always

#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName

I hope this can help you. I’m almost new to SSL, so if I’m doing something wrong tell me, but as far as I know, that’s working for me ;o) Bye
-------------------------------------------
Pascal Rodrigue
IT Analyst
Division de l'exploitation
Service de l'informatique et des télécommunications
Pavillon Louis-Jacques-Casault, local 2410

"Life is not just the sum of the obstacles we meet each day. Life, real life, is the way we get over them!"

-----Original Message-----
CAN SOMEBODY HELP?
Hi, I am new to SSL and I am in desperate need to create a certificate for Outlook Express. I tried hard with some SSL HOW TO and with a tutorial on a site called eclectica... something, but Outlook keeps rejecting the certificates I make.
I need the certificates for a small network on which users need just a little assurance nothing more.
10X in advance for any help provided.
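A quick way to confirm that the signed certificate really picked up the [ email ] extensions and the user's address, as an added example that is not part of the original post. The helper names (check_smime_text, need, ext_value, sample_*) are hypothetical and both certificate dumps are constructed samples.

```shell
# Added example (not from the post); helper names and dumps are constructed.
# Real use: openssl x509 -noout -text -in NewCert.crt | check_smime_text user@example.com

# Print the value line that follows the named extension header in $CERT_TEXT.
ext_value() {
    printf '%s\n' "$CERT_TEXT" | awk -v h="$1:" 'f { print; exit } index($0, h) { f = 1 }'
}

# need LABEL HEADER PATTERN: record LABEL unless the extension value matches PATTERN.
need() {
    case $(ext_value "$2") in
        $3) ;;
        *) problems="$problems $1" ;;
    esac
}

# Read an `openssl x509 -text` dump on stdin; print failed checks, return 0 if none.
check_smime_text() {
    CERT_TEXT=$(cat)
    problems=""
    need basicConstraints "X509v3 Basic Constraints" '*CA:FALSE*'
    need keyUsage "X509v3 Key Usage" '*Digital Signature*Key Encipherment*'
    need extendedKeyUsage "X509v3 Extended Key Usage" '*E-mail Protection*'
    # The subject must carry the user's address (substring match, case-insensitive).
    printf '%s\n' "$CERT_TEXT" | grep -F 'Subject:' | grep -qiF "$1" ||
        problems="$problems subjectEmail"
    echo "${problems# }"
    [ -z "$problems" ]
}

sample_good() {   # constructed: signed with -extensions naming the [ email ] section
    cat <<'EOF'
        Subject: C=CA, O=Example, CN=user@example.com/emailAddress=user@example.com
            X509v3 Basic Constraints:
                CA:FALSE
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Data Encipherment
            X509v3 Extended Key Usage:
                E-mail Protection
EOF
}
sample_no_ext() { # constructed: signed without the email extensions
    cat <<'EOF'
        Subject: C=CA, O=Example, CN=user@example.com/emailAddress=user@example.com
            X509v3 Basic Constraints:
                CA:FALSE
EOF
}
sample_no_ext | check_smime_text user@example.com || echo "does not match [ email ]"
```

A non-empty result names the settings from the [ email ] section that did not reach the certificate, which usually means -extensions pointed at a different section when the request was signed.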
