Hi James, I guess IIS recognizes certificates with .cert as file extension. Try naming the certificate you get out of OPENssl as .cert instead of .pem. One more thing.. edit the certificate given by OPENssl and see if it has text in it. If I remember well, openssl certificates have both text and encoded text in the certificate. If you open it you should see stuff like subject name, issuer name etc. IIS doesn't like this format. It only needs the encoded text. So remove all human readable stuff from the openssl generated certificate. And just leave everything in between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- including these two lines intact. Then rename the file as whatever.cert and IIS should recognise it. When I had the same problem I hacked into openssl code so that it generated only the encoded certificate(commented a few fprintf statements). I don't know if it is a good practice though.
Thanks Rakesh ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]