>A client certificate is built in five steps.
>1. Generate a public/private key pair
>2. Generate a certificate request with you public key
>3. Have your request signed by a CA
>4. Merge your private key and the signed certificate into a pkcs12 file
>5. Import this into your browser
>
>openssl provides support for all these steps.
>
>1. Generate a key pair
>openssl genrsa -des3 -out my.key
>
>2. Generate a certificate request with you public key
>openssl req -new -key my.key -out my.csr
>(Answer the following question for the certificate data)
>
>3. Have your request signed by a CA
>Send this request to a CA of your choice. How to build an own CA and
>how to sign request is perfectly described in the mod_ssl FAQ.
I've generated my tested CA and I've signed the my.csr file with
./sign.sh my.csr command
>
>4. Merge your private key and the signed certificate into a pkcs12 file
>The CA should then provide you with a signed certificate in either PEM,
>or DER Format. We assume PEM now and the file will be called my.crt
>To generate a pkcs12 file, type:
>openssl pkcs12 -inkey my.key -in my.crt -out my.p12 -name "My Name"
With this step I have this error:
10008:error:0D0FE007:asn1 encoding routines:d2i_PKCS12:expecting an asn1
sequence:p12_lib.c:85:address=1053344 offset=0
What's the problem?
Could you help me?
Thanks in advance
Ciao
Fabrizio
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
