Hello,
I have installed Openssl 0.9.8 in a Linux box. Then I've created my own
CA (CA.sh -newca).
Then, I create a certificate for a Windows machine, with CA.sh -newreq,
then CA.sh -sign to sign it. Then I convert them into PKCS12 format to
export to a Windows 2000 Professional machine. This p12 contains the
personal key and the server certificate:
/usr/local/ssl/misc# openssl pkcs12 -export -in newcert.pem -inkey
newkey.pem -certfile demoCA/cacert.pem -out /tmp/client.p12
(some howtos explain that the key is in newreq.pem, but I've checked
they are actually, at least for this version, in newkey.pem; actually if
I try the former command with newreq.pem it complains about the missing
private key).
Once under Windows, I import the file p12 under Root Certificate
Authorities; Windows 2000 considers valid such CA certificate for all
purposes.
Then, I import the p12 again as it contains the client key, under
Personal certificates. But when I double click in it, it says that the
certificate is invalid or the CA does not have authority to issue
certificates. Hence I cannot use IPSEC with this certificate, as IPSEC
complains of not having any valid certificate.
I've installed previously the High Encription package in Windows 2000
Professional box, so I don't understand the problem. The service pack is
SP4, which, I think, it's the last available version.
Any help?
Thanks,
JL
begin:vcard
fn;quoted-printable:Jos=C3=A9 Luis G=C3=B3mez
n;quoted-printable;quoted-printable:G=C3=B3mez;Jos=C3=A9 Luis
email;internet:[EMAIL PROTECTED]
x-mozilla-html:TRUE
version:2.1
end:vcard
