Hi all!
I have a question that has me quite confused. I have updated OPENSSL.rpm to openssl-0.9.8e-7.el5, and made a few small modifications to openssl.cnf and the CA script. The changes are as follows.

The OPENSSL.cnf:

    dir = ./demoCA # Where everything is kept
    private_key = $dir/private/cakey.pem # The private key
    RANDFILE = $dir/private/.rand # private random number file
    default_days = 730
    default_bits = 2048

The CA script:

    DAYS="-days 1825" # change to 5 years default 1 year
    CATOP=./demoCA # default ../../CA

I added this line to the script, so that when creating newca it is easier to create the crl.pem file:

    echo "00" > ${CATOP}/crlnumber

After that, I created the CA, and also created a cert and key file for a Windows client, like below:

    openssl pkcs12 -export -in ./demoCA/cacert.pem -inkey ./demoCA/private/cakey.pem -out rootca.p12
    openssl pkcs12 -export -in ./newcert.pem -inkey ./newkey.pem -out client.p12

Then I copied these files to Windows and imported them via mmc. After I import rootca.p12 into Trusted Root Certificate issue organization, import client.p12 into Personal, and refresh, when I double-click the personal certificate there is always an error like below:

    Because the certificate path in the certificate authority certificate does not seem to approach the authority or can not be used as end-entity certificate, the certificate is invalid

How to deal with this problem?

Thanks and regards!
Shawn