Rafael Calzada Pradas wrote:
>
> Hello,
>
> Excuse me if I am asking a question that has already answered
> before, I have done a lot of searches on several servers and I couldn't
> find any information.
>
> Since last week I have been trying to sign a certificate request
> from a IIS server, generated with the Key Manager that comes with IIS.
>
> I have enable SGC (Server Gated Crypto) as Microsoft said in
> <http://www.microsoft.com/security/tech/sgc/EnableSGC.asp>, but I get
> this error:
> "The certificate is invalid. Please doble-check that you have
> chosen the correct file. CAPI2 error = 80093005"
>
Typical informative Microsoft error messsage eh?
> I had also signed the request with Microsoft Certificate Server
> and the signed certificate was accepted with no problems.
>
> Does anybody know what's wrong or what should I do to get a good
> signed certificate using openSSL.
>
I'd suggest you comment out all the certificate extensions added by
OpenSSL in the openssl.cnf file. If it then works then try to narrow
down which (if any) is causing the problem.
>From your certificate you should at least comment out subjectAltName
because you aren't giving it any value. You also might want to exclude
basicConstraints or at least change the critical flag (some MS software
chokes on critical flags).
I did note also that the key used to sign the acceptable certificate is
only 512 bits long but the OpenSSL one is 1024 bits. Though I doubt that
is the reason.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
