Hello,
Excuse me if I am asking a question that has already answered
before, I have done a lot of searches on several servers and I couldn't
find any information.
Since last week I have been trying to sign a certificate request
from a IIS server, generated with the Key Manager that comes with IIS.
I have enable SGC (Server Gated Crypto) as Microsoft said in
<http://www.microsoft.com/security/tech/sgc/EnableSGC.asp>, but I get
this error:
"The certificate is invalid. Please doble-check that you have
chosen the correct file. CAPI2 error = 80093005"
I had also signed the request with Microsoft Certificate Server
and the signed certificate was accepted with no problems.
Does anybody know what's wrong or what should I do to get a good
signed certificate using openSSL.
Here are the results of executing 'openssl x509 -text -noout -in
signed.cert' over a certificate signed with openSSL and another with
Microsoft Certificate Server. I think that the problem is related to CRL,
but I hadn't been able to find information about it.
Thanks in advance.
8<---------------------- Microsoft one -------------------------->8
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
57:8d:a2:00:00:00:01
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, ST=Madrid, L=Leganes, O=Universidad Carlos III de
Madrid,
OU=Servicio de Informatica, CN=microCA
Validity
Not Before: Apr 12 10:37:18 1999 GMT
Not After : Apr 12 10:37:18 2000 GMT
Subject: C=ES, ST=Madrid, L=Leganes, O=Universidad Carlos III de
Madrid,
OU=Servicio de Informatica, CN=nuberu.uc3m.es
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c1:f2:a4:30:91:e3:9d:99:a9:dd:63:e5:11:9e:
3a:f6:b5:a9:8b:44:f4:9e:59:ec:21:f3:c6:a8:a4:
bf:88:a4:43:80:1a:ec:4b:07:5a:24:e0:95:d7:99:
f0:2c:dd:ec:7c:0d:c5:9f:09:5a:16:7f:1b:16:32:
b4:c6:f3:32:d3:e0:8b:e3:e1:e7:6a:4c:ce:db:ef:
89:ae:2e:df:66:c0:99:6a:75:1a:03:68:d9:f6:2c:
c8:be:dd:80:63:d5:0d:a7:ed:de:fa:61:e8:bb:76:
6c:fb:12:31:67:6d:64:6f:a9:eb:10:9d:9f:f8:f4:
ea:50:a9:9a:02:6e:71:46:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:FD:82:A9:86:3C:0E:3A:44:07:68:6D:3B:0C:97:96:75:1A:12:BD:4
4, DirName:/C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III de
Madrid/OU=Servi
cio de Informatica/CN=microCA,
serial:05:1F:1F:DC:60:00:C0:5D:EF:2E:10:49:18:5B:
F4:5C
X509v3 CRL Distribution Points:
0j02.0...,http://NUBERU/CertSrv/CertEnroll/microCA.crl04.2.0..fi
le://\\NUBERU\CertSrv\CertEnroll\microCA.crl
X509v3 Basic Constraints:
CA:FALSE
1.3.6.1.5.5.7.1.1:
0A0?..+.....0..3http://NUBERU/CertSrv/CertEnroll/NUBERU_microCA.
crt
Signature Algorithm: md5WithRSAEncryption
b2:f4:52:7c:eb:18:b4:03:45:9e:ea:5b:9d:d2:c1:37:11:28:
8b:82:85:7d:81:eb:c7:54:90:be:64:4f:9a:a6:35:8e:19:f1:
a5:5c:92:13:29:c3:22:fb:a7:f1:40:d0:c6:28:24:13:06:d1:
e5:bd:30:00:02:22:f0:5e:7e:2e
8<-------------- end of Microsoft one ------------------------>8
8<-------------- OpenSSL one --------------------------------->8
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2 (0x2)
Signature Algorithm: md5WithRSAEncryption
Issuer: C=ES, ST=Madrid, L=Leganes, O=Universidad Carlos III de
Madrid,
OU=Servicio de Informatica, CN=Autoridad de Certificacion en
pruebas/Email=rafa@
di.uc3m.es
Validity
Not Before: Apr 12 06:00:40 1999 GMT
Not After : Apr 11 06:00:40 2000 GMT
Subject: C=ES, ST=Madrid, O=Universidad Carlos III de Madrid,
OU=Servici
o de Informatica, CN=nuberu.uc3m.es
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c1:f2:a4:30:91:e3:9d:99:a9:dd:63:e5:11:9e:
3a:f6:b5:a9:8b:44:f4:9e:59:ec:21:f3:c6:a8:a4:
bf:88:a4:43:80:1a:ec:4b:07:5a:24:e0:95:d7:99:
f0:2c:dd:ec:7c:0d:c5:9f:09:5a:16:7f:1b:16:32:
b4:c6:f3:32:d3:e0:8b:e3:e1:e7:6a:4c:ce:db:ef:
89:ae:2e:df:66:c0:99:6a:75:1a:03:68:d9:f6:2c:
c8:be:dd:80:63:d5:0d:a7:ed:de:fa:61:e8:bb:76:
6c:fb:12:31:67:6d:64:6f:a9:eb:10:9d:9f:f8:f4:
ea:50:a9:9a:02:6e:71:46:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
Netscape Cert Type:
SSL Client, SSL Server, S/MIME, Object Signing
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
2E:6F:C5:17:E8:86:C3:8C:0E:09:95:BF:07:ED:91:A5:39:7C:86:06
X509v3 Authority Key Identifier:
keyid:98:04:40:08:1B:EC:6B:38:79:04:35:9C:D7:FB:FF:80:C3:B6:56:A
A, DirName:/C=ES/ST=Madrid/L=Leganes/O=Universidad Carlos III de
Madrid/OU=Servi
cio de Informatica/CN=Autoridad de Certificacion en
[EMAIL PROTECTED]
s, serial:00
X509v3 Subject Alternative Name:
0.
X509v3 Issuer Alternative Name:
email:[EMAIL PROTECTED]
Signature Algorithm: md5WithRSAEncryption
ba:91:5f:50:df:83:ea:0f:3e:9a:80:c6:e6:69:f9:be:85:fa:
3c:72:2e:e7:bc:07:31:db:18:46:6b:02:1e:5e:0d:eb:d4:3f:
2e:45:b1:bb:c9:e4:6d:d8:31:3d:c3:84:59:d3:55:fb:90:53:
15:91:28:96:02:8a:a0:f7:2f:ea:64:90:df:e9:37:5d:e4:a4:
7f:a8:9a:e9:22:d1:19:51:d0:27:f1:94:e7:ff:30:c4:e0:95:
5a:5d:05:b6:ac:8b:7e:1a:13:3d:d8:1f:fa:41:f3:bf:e7:ce:
6c:92:c7:3c:bd:63:a3:05:f1:69:5e:9d:67:05:2f:4f:1d:04:
df:4f
8<--------------- end of OpenSSL one ---------------------->8
Thanks in advance. Rafa.
====================================
Rafael Calzada Pradas
SysAdmin and Postmaster
[EMAIL PROTECTED]
Universidad Carlos III de Madrid
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]