Re: AW: CSR signing

Thu, 28 Oct 2004 01:21:14 -0700



Dr. Stephen Henson wrote: 
On Wed, Oct 27, 2004, Ronan wrote:



I'd suggest you use the CA.pl script instead. That should make things much
easier.


i have a csr (in pem format(by default)) and a key

I want to sign the csr with my domains root CA



Where is this root CA and key? If it has been created by OpenSSL you can
concatenate the key and certificate into a PEM file and supply that new when
you call CA.pl -newca.

ok the root CA and key are stored on one machine / soalris.

the csr and key for the server i want to install the certificate on is also on this local machine.

so if i cat the root CA and the root key into a pem file and then run CA.pl -newca

what does this give me???


If the root CA and key are from some other source and managed by (for example)
some Windows CA you are best sending the CSR to that and getting it to sign
the result.


I want then to change it to pkcs12 format



CA.pl -pkcs12 will do that.

yeah i understand that bit


Finally i want to install it onto an Active Directory (win 2000 advanced) machine so i can ssl to the AD



Now I can't help with AD..


using the CA.pl and my current key and csr

copy mycsr.csr to newreq.pem and run

# /home/local/ssl/misc/CA.pl -sign
Signed certificate is in newcert.pem

.... its not there is no newcert.pem

is this what im after?


Did it come up with any other error message before that?
well im using openssl command line and it gives the following warning but still continues...

/usr/local/ssl/bin/openssl pkcs12 -export -in ronanscert.pem -out rtest.p12
unable to load 'random state'
This means that the random number generator has not been seeded
with much random data.
Consider setting the RANDFILE environment variable to point at a file that
'random' data can be kept in (the file will be overwritten).
Enter Export Password:
Verifying password - Enter Export Password:



any more help / clarification??



Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]


--
Regards

Ronan McGlue
==============
Analyst/Programmer
Information Services
Queens University Belfast
BT7 1NN
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to