Hi,
I'm trying to implement a client certificate signing server for MSIE
4.0.
I use SSLeay 0.8.1 and the perl script from Martin Ouwehand at
http://slwww.epfl.ch/SIC/SL/CA/genReq-script.txt.
Well,
I obtain this certificate request
-----BEGIN CERTIFICATE REQUEST-----
MIIBeTCCAScCAQAwgYsxCzAJBgNVBAYTAlhZMREwDwYDVQQIEwhBbnlTdGF0ZTEQMA4GA1UE
BxMHQW55Q2l0eTERMA8GA1UEChMIT3JnIEluYy4xDDAKBgNVBAsTA2NzaTEVMBMGA1UEAxMM
bWF4IExpY2NhcmRvMR8wHQYJKoZIhvcNAQkBFhBtbGljY2FyZG9AdGltLml0MFswDQYJKoZI
hvcNAQEBBQADSgAwRwJAcJL44fJaqCkDLw0PC1EMUejX8D1NXJsj9D4kgUQpYVRKvh2S1ZOg
MOn1ae+PvuqyDkikdjA59HXi3FKSadjDEQIDAQABoDcwNQYKKwYBBAGCNwIBDjEnMCUwDgYD
VR0PAQH/BAQDAgE4MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAkGBSsOAwIdBQADQQBqPmOAy3Gw
luDPipZ/0Jh1BmdcwJREeK7FrzaC89t+EucnnXGMSn+O1vDhLXuyCR5MaQ5Hogx2p4shA7ck
wOiT
-----END CERTIFICATE REQUEST-----
and then the command
ca -config $HOME/ssl/lib/ssleay.cnf -in the_file -verbose
Using configuration from /home/web/ssl/lib/ssleay.cnf
0 entries loaded from the database
generating indexs
message digest is md5
policy is policy_match
next serial number is 01
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=XY, ST=AnyState, L=AnyCity, O=Org Inc., OU=csi,
CN=max Liccar
[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (511 bit)
Modulus (511 bit):
70:92:f8:e1:f2:5a:a8:29:03:2f:0d:0f:0b:51:0c:
51:e8:d7:f0:3d:4d:5c:9b:23:f4:3e:24:81:44:29:
61:54:4a:be:1d:92:d5:93:a0:30:e9:f5:69:ef:8f:
be:ea:b2:0e:48:a4:76:30:39:f4:75:e2:dc:52:92:
69:d8:c3:11
Attributes:
1.3.6.1.4.1.311.2.1.14 :unable to print attribute
Signature Algorithm: UNKNOWN
6a:3e:63:80:cb:71:b0:96:e0:cf:8a:96:7f:d0:98:75:06:67:
5c:c0:94:44:78:ae:c5:af:36:82:f3:db:7e:12:e7:27:9d:71:
8c:4a:7f:8e:d6:f0:e1:2d:7b:b2:09:1e:4c:69:0e:47:a2:0c:
76:a7:8b:21:03:b7:24:c0:e8:93
Check that the request matches the signature
Signature verification problems....
writing new certificates
The result is an error. I use the xenroll method from Micro$oft.
--
o _______________
/\_ _| | Max Liccardo - Security Pianist Consultant
_\__`[_______________| [EMAIL PROTECTED] (at work)
] [ \, ][ ][ [EMAIL PROTECTED] (at home,sweet home)
"..fatti non foste per viver come bruti,
ma per seguir virtute e cAnoscenza .."
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]