Dr. Stephen Henson wrote:
On Wed, Oct 27, 2004, Ronan wrote:
I'd suggest you use the CA.pl script instead. That should make things much easier.
i have a csr (in pem format(by default)) and a key
I want to sign the csr with my domains root CA
Where is this root CA and key? If it has been created by OpenSSL you can concatenate the key and certificate into a PEM file and supply that new when you call CA.pl -newca.
ok the root CA and key are stored on one machine / soalris.
the csr and key for the server i want to install the certificate on is also on this local machine.
so if i cat the root CA and the root key into a pem file and then run CA.pl -newca
what does this give me???
If the root CA and key are from some other source and managed by (for example) some Windows CA you are best sending the CSR to that and getting it to sign the result.
I want then to change it to pkcs12 format
CA.pl -pkcs12 will do that.
yeah i understand that bit
well im using openssl command line and it gives the following warning but still continues...
Finally i want to install it onto an Active Directory (win 2000 advanced) machine so i can ssl to the AD
Now I can't help with AD..
using the CA.pl and my current key and csr
copy mycsr.csr to newreq.pem and run
# /home/local/ssl/misc/CA.pl -sign Signed certificate is in newcert.pem
.... its not there is no newcert.pem
is this what im after?
Did it come up with any other error message before that?
/usr/local/ssl/bin/openssl pkcs12 -export -in ronanscert.pem -out rtest.p12 unable to load 'random state' This means that the random number generator has not been seeded with much random data. Consider setting the RANDFILE environment variable to point at a file that 'random' data can be kept in (the file will be overwritten). Enter Export Password: Verifying password - Enter Export Password:
any more help / clarification??
Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
-- Regards
Ronan McGlue ============== Analyst/Programmer Information Services Queens University Belfast BT7 1NN ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]