Hi,
I have to use MS Certificate Services configured on a Windows machine
outside of my company
My CA have to be subordinate to the CA on this MS Certificate Server
(which would be the ROOT CA for my CA) and
I want my CA can generate his own certificates.
So, I created a certificate request on the my FreeBSD CA server (FreeBSD
some.domain 5.4-STABLE FreeBSD 5.4-STABLE #1)
and submitted via mail to MS Certificate Server and after that I got a
new CA certificate file. My OpenSSL is 0.9.7e-p1 25 Oct 2004
my submit was: openssl req -new -newkey -nodes -keyout server.key -out
request.pem
But, it appears that the certificate that got created by MS Certificate
Services is not properly configured as a CA certificate.
When I create a client certificate with my CA and install it on client
machine I can see the path from the certificate to the
ROOT CA, but with yellow triangle on my public CA cert. Click on it in
the chain, it says that:
"This certification authority does not appear to be allowed to issue
certificates or cannot be used as an end entity certificate".
My question is which option I should use when generate request for my
root subordinate CA and then sign my own certificates to use in my
comapany ? some in basic constraints or KeyUsage option I guess ?!?
Thanks in advance and excuse me for my bad English
D.Trandov
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"