On Wed, Oct 27, 2004, Ronan wrote: > > > > > >I'd suggest you use the CA.pl script instead. That should make things much > >easier. > > > > i have a csr (in pem format(by default)) and a key > > I want to sign the csr with my domains root CA >
Where is this root CA and key? If it has been created by OpenSSL you can concatenate the key and certificate into a PEM file and supply that new when you call CA.pl -newca. If the root CA and key are from some other source and managed by (for example) some Windows CA you are best sending the CSR to that and getting it to sign the result. > I want then to change it to pkcs12 format > CA.pl -pkcs12 will do that. > Finally i want to install it onto an Active Directory (win 2000 > advanced) machine so i can ssl to the AD > Now I can't help with AD.. > using the CA.pl and my current key and csr > > copy mycsr.csr to newreq.pem and run > > # /home/local/ssl/misc/CA.pl -sign > Signed certificate is in newcert.pem > > .... its not there is no newcert.pem > > is this what im after? Did it come up with any other error message before that? Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
