As seen in subject a collegue of mine requested a Global ID
certificate from Verisign for Microsoft IIS, but we need to
use it with Apache + ModSSL + PHP on Win NT 4.0.
When we received the Verisign mail with the certificate I
thaught it was the same for Apache and I tried to install
it, but Apache+ModSSL complained it was a wrong certificate.
Investigating further on the Verisign Web site, they say that
for IIS to work fine I have to download a microsoft piece of
software "sgcinst.exe".
I downloaded it and I run it against the certificate Verisign
sent to us by e-mail.
the sintax for that utility is :
USAGE: sgcinst [-?] [-v] [-c] [-i] [-r] [-o outputfile] inputfile
Invalid Parameter: Input filename required.
-? This help message
-v Verbose output
-c Confirm - check to see if intermediate certificates were installed
-i Install intermediate certificate - requires Administrator privileges
-r File contains root certificate, ignore it
-o Name of server certificate to install with IIS' key manager
This tool does two things:
Install the intermediate certificates necessary for SGC to work properly
on a server. The intermediate certificates MUST be installed on EVERY
server.
Parse out the server certificate that the IIS' key manager needs to install.
sgcinst: Failed while processing parameters
so I issued the following command
sgcinst -v -i -o server.crt verisign.crt
where
verisign.crt is the e-mailed certificate
server.crt is the output certificate
I installed this generated certificate and everithing works fine except
for :
The CA that signed the certificate is not on the browsers list so browsers
(Netscape and IE) complain that they cannot recognize the CA.
I found that when I started the "sgcinst.exe" program it added something
on the Win NT registry, and it seems to be a new entry for the list of
CA which in my case is :
Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server
CA - Class 3,
OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
The question is:
Is there a mode of extracting the information about CA from the verisign.crt
or even from the registry to put it in the ca-bundle.crt ?
Any advice will be very appreciated.
-------------------------------------------------------------------
"On a day not different than the one now dawning, Leonardo drew the
first strokes of the Mona Lisa, Shakespeare wrote the first words
of Hamlet, and Beethoven began work on his Ninth Symphony."
And Windows98 Crashed!
-------------------------------------------------------------------
Francesco D'Inzeo
WinTech S.r.l.
Via Lisbona 7
35127 PADOVA (Italy)
Tel. (+39)-(0)49-8703033
Fax. (+39)-(0)49-8703045
e-mail [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
