Re: A little help would be appreicated

On Wed, Mar 08, 2006, Stuart Halliday wrote: > > > Instead of manually entering commands use the CA.pl script instead. > > That is > > intended to just "do the right thing" when given some simple options. > > Don't > > use the CA.pl in the release version of 0.9.8 though: pick a recent > > snapsh

Re: A little help would be appreicated

> It looks like you are using the same key for the user certificates and > the CA! Oops. Sorry, I typed in the wrong key in the example. > Instead of manually entering commands use the CA.pl script instead. > That is > intended to just "do the right thing" when given some simple options. > Don

RE: A little help would be appreicated

little help would be appreicated On Wed, Mar 08, 2006, Stuart Halliday wrote: > > If it helps, here is how I generated the certs. > > 1st, the CA. > > openssl req -config openssl.cnf -new -x509 -keyout > ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650 > >

Re: A little help would be appreicated

On Wed, Mar 08, 2006, Stuart Halliday wrote: > > If it helps, here is how I generated the certs. > > 1st, the CA. > > openssl req -config openssl.cnf -new -x509 -keyout > ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650 > > > Then I used the following commands to generate the users

Re: A little help would be appreicated

On Wed, Mar 08, 2006 at 01:20:15PM +, Stuart Halliday wrote: > > When you create the user .P12 files, then include the CA certificate > > into it, i.e. > > use a certfile that contains the user cert and the self signed CA > > certificate. > > The p12 file contain thus the private key of a use

RE: A little help would be appreicated

> See the certificate subject (owner) and issuer: For a CA, these 2 > fields > will be same. For server cert, the issuer field will contain the DN of > the > signing authority - this CA, or any intermediate CA. Then I do have a CA type. The 'Issued to' and Issued from' fields are the same. ie: 'M

Re: A little help would be appreicated

> When you create the user .P12 files, then include the CA certificate > into it, i.e. > use a certfile that contains the user cert and the self signed CA > certificate. > The p12 file contain thus the private key of a user, the user's X509 > certificate > and the X509 certificate of the CA. Th

RE: A little help would be appreicated

Halliday Sent: Wednesday, March 08, 2006 5:06 PM To: openssl-users@openssl.org Subject: RE: A little help would be appreicated > Its not the server cert you need in the trusted certs store - it's the > CA root cert. Surely that's what I've got? I create

RE: A little help would be appreicated

> Its not the server cert you need in the trusted certs store - it's the > CA root cert. Surely that's what I've got? I created a CA cert I thought. __ OpenSSL Project http://www.openssl.org Us

RE: A little help would be appreicated

Its not the server cert you need in the trusted certs store - it's the CA root cert. And you'll need any intermediate CA certs in the regular CA store D. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Halliday Ok, so I put into the Trusted Root