Thanks for that response. Sorry for the additional fwd-emails on this. Wasn't sure if it was getting through. ;) I'll be sure to keep it as 1 email next time.
As for its use, does this example work? ... openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -CSP 'Microsoft RSA SChannel Cryptographic Provider' And is this particular arg used when generating a pkcs12 only? ?? Thanks! >>> "Dr. Stephen Henson" <st...@openssl.org> 9/5/2010 9:48 AM >>> On Fri, Sep 03, 2010, Andy GOKTAS wrote: > Hello, > > I'm using openSSL 1.0.0a to generate certificates for our Microsoft Windows > environment - LDAP over SSL required on Domain Controllers. > > You'll notice here: http://support.microsoft.com/kb/321051 that the > following is required: "You must use the Schannel cryptographic service > provider (CSP) to generate the key." > Then I found: http://wiki.cacert.org/DomainController that lead to one more > site: http://www.cs.bham.ac.uk/~smp/projects/peap/ > > No I'm sure that this part is critical for what I'm needing, but openSSL > (0.9.8 versions) don't (by default) have the patch I require. > > My questions are: > - Was this added in openSSL 1.0? > - Based on: http://www.cs.bham.ac.uk/~smp/projects/peap/ , does this seem > like it's easy to add to the configuration of openSSL (which I know know how > to do, some programmers information would be truly appreciated. :))? > - Would this break anything else with openSSL (or is it dangerous to apply > this patch?)? > Equivalent functionality is now as standard in OpenSSL 1.0.0 and later using the same command line format too. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
