I have a similar question.
I have generated my own SA key/certificate and I want to import
the whole set nto IIS with key manager. What format is used
for that importation?
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Monday, April 12, 1999 3:09 PM
> To: [EMAIL PROTECTED]
> Subject: Re: OpenSSL and IIS 4.0
>
>
> Rafael Calzada Pradas wrote:
> >
> > Hello,
> >
> > Excuse me if I am asking a question that has already answered
> > before, I have done a lot of searches on several servers and I couldn't
> > find any information.
> >
> > Since last week I have been trying to sign a certificate request
> > from a IIS server, generated with the Key Manager that comes with IIS.
> >
> > I have enable SGC (Server Gated Crypto) as Microsoft said in
> > <http://www.microsoft.com/security/tech/sgc/EnableSGC.asp>, but I get
> > this error:
> > "The certificate is invalid. Please doble-check that you have
> > chosen the correct file. CAPI2 error = 80093005"
> >
>
> Typical informative Microsoft error messsage eh?
>
> > I had also signed the request with Microsoft Certificate Server
> > and the signed certificate was accepted with no problems.
> >
> > Does anybody know what's wrong or what should I do to get a good
> > signed certificate using openSSL.
> >
>
> I'd suggest you comment out all the certificate extensions added by
> OpenSSL in the openssl.cnf file. If it then works then try to narrow
> down which (if any) is causing the problem.
>
> >From your certificate you should at least comment out subjectAltName
> because you aren't giving it any value. You also might want to exclude
> basicConstraints or at least change the critical flag (some MS software
> chokes on critical flags).
>
> I did note also that the key used to sign the acceptable certificate is
> only 512 bits long but the OpenSSL one is 1024 bits. Though I doubt that
> is the reason.
>
> Steve.
> --
> Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED]
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
