hello, I did that and now the certificate appears as 'personal' certificate, and seems to look as any other certficate (ie got private key, got root certifcate, valid for all purposes, valid date etc). but yet windows XP still will not use it for network authentication (802.1x).
any ideasB? On Fri, 1 Feb 2002, Martin Leung wrote: > Hi Adam, > > Only certificate with corresponding private key is meaningful in the > Personal store. Otherwise, you can't use the cert. for signing. To create > one, you need to: > - set up a CA, e.g. use the perl script in the archive > - make a cert req., e.g. openssl req -new ... > - get the req signed, e.g. openssl ca ... > - bundle key + cert to a pkcs12 file, e.g. openssl pkcs12 ... > > Then, you can import it into Windows. > > Rgds. > Martin > > ----- Original Message ----- > From: "Adam" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, February 01, 2002 3:45 AM > Subject: X509 V3 extension 'Certificate Template' > > > > > > Hello, > > I have been trying to use OpenSSL (openssl-SNAP-20020129) to > > generate certificates for Windows XP. While I can generate CA and > > certificates which XP will accept in general, I can't generate > > such certificate that it will accept it as 'personal' certificate. > > > > The main complaint from XP seems to be that the certificate > > does not have the 'private key' that correspond to certificate. > > > > However, looking over openssl-users mailing list archives > > it seems that the issue is that M$ has added proprietary > > extension and some magic is required in order to create > > certificate windows XP will consider personal certificate. > > > > Unfortunatelly I'm not very familar with openssl, so I was > > wondering if someone has put out of there some HOWTO or FAQ how do > > I create certificate for windows XP which will be accepted as > > 'personal certificate. Does such thing exist? > > > > Adam > > > > -- > > Adam > > http://www.eax.com The Supreme Headquarters of the 32 bit registers > > > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > -- Adam http://www.eax.com The Supreme Headquarters of the 32 bit registers ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]