On Wed, Mar 08, 2006, Stuart Halliday wrote:
>
> > Instead of manually entering commands use the CA.pl script instead.
> > That is
> > intended to just "do the right thing" when given some simple options.
> > Don't
> > use the CA.pl in the release version of 0.9.8 though: pick a recent
> > snapsh
> It looks like you are using the same key for the user certificates and
> the CA!
Oops. Sorry, I typed in the wrong key in the example.
> Instead of manually entering commands use the CA.pl script instead.
> That is
> intended to just "do the right thing" when given some simple options.
> Don
little help would be appreicated
On Wed, Mar 08, 2006, Stuart Halliday wrote:
>
> If it helps, here is how I generated the certs.
>
> 1st, the CA.
>
> openssl req -config openssl.cnf -new -x509 -keyout
> ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650
>
>
On Wed, Mar 08, 2006, Stuart Halliday wrote:
>
> If it helps, here is how I generated the certs.
>
> 1st, the CA.
>
> openssl req -config openssl.cnf -new -x509 -keyout
> ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650
>
>
> Then I used the following commands to generate the users
On Wed, Mar 08, 2006 at 01:20:15PM +, Stuart Halliday wrote:
> > When you create the user .P12 files, then include the CA certificate
> > into it, i.e.
> > use a certfile that contains the user cert and the self signed CA
> > certificate.
> > The p12 file contain thus the private key of a use
> See the certificate subject (owner) and issuer: For a CA, these 2
> fields
> will be same. For server cert, the issuer field will contain the DN of
> the
> signing authority - this CA, or any intermediate CA.
Then I do have a CA type.
The 'Issued to' and Issued from' fields are the same.
ie: 'M
> When you create the user .P12 files, then include the CA certificate
> into it, i.e.
> use a certfile that contains the user cert and the self signed CA
> certificate.
> The p12 file contain thus the private key of a user, the user's X509
> certificate
> and the X509 certificate of the CA.
Th
Halliday
Sent: Wednesday, March 08, 2006 5:06 PM
To: openssl-users@openssl.org
Subject: RE: A little help would be appreicated
> Its not the server cert you need in the trusted certs store - it's the
> CA root cert.
Surely that's what I've got?
I create
> Its not the server cert you need in the trusted certs store - it's the
> CA root cert.
Surely that's what I've got?
I created a CA cert I thought.
__
OpenSSL Project http://www.openssl.org
Us
Its not the server cert you need in the trusted certs store - it's the CA
root cert.
And you'll need any intermediate CA certs in the regular CA store
D.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Stuart Halliday
Ok, so I put into the Trusted Root
10 matches
Mail list logo