I know the OpenSSL equivalent of most of these fields, and I have tried
to guess the last one, see below.
On 9/21/2011 1:05 AM, Matthew F. Hymowitz wrote:
> We are trying to set up a VPN tunnel using IKE v2 between a Windows
> 2008 VPN server and a Linux machine running strongSwan. We are trying
> to do this using machine certificates. We are using a Windows 2008
> R2 private certificate authority. I am not sure how to generate the
> CSR in OpenSSL for a machine certificate. In Windows land we put
> information about the certificate into a .inf file with the following
> content:
>
> [NewRequest]
> Subject="CN=MACHINE.DOMAIN.COM"

The CN specified in input to "openssl req"

> Exportable=TRUE

"openssl req" option "-keyout filename.key"

> KeyLength=2048

"openssl req" option "-newkey rsa:2048"

> KeySpec=1

Ignore (I think)

> KeyUsage=0xF0

OpenSSL Config file option
"keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment"
(I am not entirely sure of this one, I guessed 0xF0 represented bits 0
to 7 of this property, with the most significant bit being bit 0)

> MachineKeySet=TRUE

"openssl req" option "-keyout filename.key"

> RequestType=CMC

"openssl req"

> ProviderName="Microsoft RSA SChannel Cryptographic Provider"

Ignore, just specifies the "engine" to use with Microsoft CryptoAPI

> ProviderType=12

Ignore, just specifies the "engine" to use with Microsoft CryptoAPI

> [EnhancedKeyUsageExtension]
> OID=1.3.6.1.5.5.7.3.1
> OID=1.3.6.1.5.5.7.3.2
> OID=1.3.6.1.5.5.8.2.2

OpenSSL Config file option
"extendedKeyUsage=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.8.2.2"

> [RequestAttributes]
> SAN="dns:MACHINE.DOMAIN.COM"

OpenSSL Config file option "subjectAltName=DNS:MACHINE.DOMAIN.COM"

> This inf file is then used as input to the CSR.
> Can I / how would I tell OpenSSL to generate an equivalent CSR? Any
> insight someone could provide would be much appreciated.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
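
The field-by-field mapping in the message above, put together as an added example (not part of the original thread): a small Python converter that reads the certreq .inf and emits an OpenSSL req config. The function names, the section names `dn` and `v3_req`, and the trimmed sample .inf are assumptions made for this example; the KeyUsage bit values are the CERT_*_KEY_USAGE constants from wincrypt.h.

```python
# Constructed sample: the .inf from the message, minus the CryptoAPI-only keys.
SAMPLE_INF = '''[NewRequest]
Subject="CN=MACHINE.DOMAIN.COM"
KeyLength=2048
KeyUsage=0xF0
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
OID=1.3.6.1.5.5.7.3.2
OID=1.3.6.1.5.5.8.2.2
[RequestAttributes]
SAN="dns:MACHINE.DOMAIN.COM"
'''

# certreq KeyUsage bits are the CERT_*_KEY_USAGE constants from wincrypt.h.
KEY_USAGE_BITS = [
    (0x80, "digitalSignature"), (0x40, "nonRepudiation"), (0x20, "keyEncipherment"),
    (0x10, "dataEncipherment"), (0x08, "keyAgreement"), (0x04, "keyCertSign"),
    (0x02, "cRLSign"), (0x01, "encipherOnly"), (0x8000, "decipherOnly"),
]

def parse_inf(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys such as OID=."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], [])
        elif "=" in line and current is not None and not line.startswith(";"):
            key, value = line.split("=", 1)
            current.append((key.strip(), value.strip().strip('"')))
    return sections

def key_usage_names(mask):
    return [name for bit, name in KEY_USAGE_BITS if mask & bit]

def inf_to_openssl_cnf(text):
    inf = parse_inf(text)
    req = dict(inf["NewRequest"])
    # Assumption: a simple subject with no escaped commas inside RDN values.
    dn = [rdn.strip().replace("=", " = ", 1) for rdn in req["Subject"].split(",")]
    ext = ["keyUsage = " + ", ".join(key_usage_names(int(req["KeyUsage"], 16)))]
    oids = [v for k, v in inf.get("EnhancedKeyUsageExtension", []) if k == "OID"]
    ext += ["extendedKeyUsage = " + ", ".join(oids)] if oids else []
    san = dict(inf.get("RequestAttributes", [])).get("SAN", "")
    # Only dns entries are translated; OpenSSL matches the DNS: tag case-sensitively.
    names = ["DNS:" + p[4:] for p in san.split("&") if p[:4].lower() in ("dns:", "dns=")]
    ext += ["subjectAltName = " + ", ".join(names)] if names else []
    head = ["[req]", "prompt = no", "default_bits = " + req.get("KeyLength", "2048"),
            "distinguished_name = dn", "req_extensions = v3_req", "", "[dn]"]
    return "\n".join(head + dn + ["", "[v3_req]"] + ext) + "\n"
```

Saving the returned text as machine.cnf (a placeholder name) and running `openssl req -new -newkey rsa:2048 -keyout filename.key -config machine.cnf -out machine.csr` produces the CSR; `openssl req -in machine.csr -noout -text` shows the requested extensions for checking before submission to the CA.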