On Jul 28, 2010, at 2:38 PM, Todd Oberly wrote:
> It's obviously asking for just a subset of what would typically go into a
> CSR. I tried generating several different CSR's with OpenSSL, containing
> various information (and then converting the files to Mac line endings), but
> the instructions seem to be right. Only the CSR I made on a friend's Mac was
> accepted. [...] It's also possible that I just missed the right combination,
> and trying again will make a CSR that works.
Well, I haven't tried submitting an OpenSSL-generated CSR to Apple, but the
CertificateAssistant-generated CSR looks pretty normal. I have a vague memory
that Apple's fussy about the key type; are you using a 2048-bit RSA key?
I ran asn1parse on a successfully-submitted-to-Apple CSR and I see this
structure:
[
version = v1
subject = { emailAddress = IA5STRING, commonName = UTF8STRING, countryName =
PRINTABLESTRING }
subjectPKInfo = [ [ rsaEncryption, NULL ], the usual key parameters,
e=65537, m ~ 2^2048 ]
attributes = empty sequence
]
signed using sha1WithRSAEncryption.
> I don't like mysteries, and don't being locked into one platform.
Understandable, though I think that once you're using Apple's notification
service for your iPhones, the way you generate your X.509 key is the least of
your lockin worries. :)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
