I am using the following script to create my certificate.

    openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:1whatever -passout pass:whatever -days 365
    openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem
    openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out $1.p12 -clcerts -passin pass:whatever -passout pass:whatever
    openssl x509 -inform PEM -outform DER -in $1.pem -out $1.der
    rm -rf newcert newreq.pem

When I execute this command I am asked for a challenge password. But I provided a -passin pass and -passout pass in the commands themselves. Is this the same, or are these different passwords? It seems to me that the challenge password I am asked to enter during creation is not used for the certificate.

And a second question: When I import the .p12 file into Windows I am asked for a password, I am asked for a Secret. Is this the challenge password?

Thanks for the help
Berndt

Command output:

    ITS-Test1:/etc/1x# ./createcert.pl karaduman
    Generating a 1024 bit RSA private key
    ............................++++++
    ........++++++
    writing new private key to 'newreq.pem'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AT]:AT
    State or Province Name (full name) [Vienna]:Vienna
    Locality Name (eg, city) []:
    Organization Name (eg, company) [TGM - Schule der Technik]:TGM - Die Schule der Technik
    Organizational Unit Name (eg, section) [IT-Service]:IT-Service
    Common Name (eg, YOUR name) [TGM Wireless CA]:Ercan Karaduman
    Email Address [EMAIL PROTECTED]:[EMAIL PROTECTED]

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:G5N5B3Y3
    An optional company name []:
    Using configuration from /usr/lib/ssl/openssl.cnf
    Check that the request matches the signature
    Signature ok
    Certificate Details:
        Serial Number: 163 (0xa3)
        Validity
            Not Before: Aug 18 15:42:54 2003 GMT
            Not After : Aug 17 15:42:54 2004 GMT
        Subject:
            countryName = AT
            stateOrProvinceName = Vienna
            organizationName = TGM - Die Schule der Technik
            organizationalUnitName = IT-Service
            commonName = Ercan Karaduman
            emailAddress = [EMAIL PROTECTED]
        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Client Authentication
    Certificate is to be certified until Aug 17 15:42:54 2004 GMT (365 days)
    Sign the certificate? [y/n]:y

------------------------------------------
TGM - Die Schule der Technik
IT - Service
A - 1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316
Fax: +43(1)33126/154
E-Mail: [EMAIL PROTECTED]
------------------------------------------
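
Added example, not part of the original post: a shell script that traces the three secrets the script above deals with. The challenge password is written as a cleartext attribute into the certificate request only, -passout on "openssl req" encrypts the private key, and -passout on "openssl pkcs12 -export" is the password asked for when the .p12 file is imported. Assumptions: all file names and password values are constructed, and a self-signed certificate stands in for the "openssl ca" step.

```shell
#!/bin/sh
# Constructed demo: every file name and password value here is made up.
KEY_PASS='key-passphrase'        # req -passout: encrypts the private key
CHALLENGE='csr-challenge-attr'   # answer to "A challenge password []:"
EXPORT_PASS='p12-export-secret'  # pkcs12 -passout: asked for on import

make_demo() {   # $1 = working directory
    cat > "$1/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
attributes = attrs
[dn]
CN = Constructed Test User
[attrs]
challengePassword = $CHALLENGE
EOF
    openssl req -new -newkey rsa:2048 -config "$1/req.cnf" \
        -keyout "$1/key.pem" -out "$1/req.pem" \
        -passout "pass:$KEY_PASS" 2>/dev/null &&
    # Assumption: self-signing stands in for the "openssl ca" step.
    openssl x509 -req -in "$1/req.pem" -signkey "$1/key.pem" \
        -passin "pass:$KEY_PASS" -days 1 -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" -clcerts \
        -passin "pass:$KEY_PASS" -passout "pass:$EXPORT_PASS" \
        -out "$1/user.p12"
}

# The challenge password is a cleartext attribute of the request ...
challenge_in_csr() {
    openssl req -in "$1/req.pem" -noout -text | grep -q "$CHALLENGE"
}
# ... and is not copied into the signed certificate.
challenge_in_cert() {
    openssl x509 -in "$1/cert.pem" -noout -text | grep -q "$CHALLENGE"
}
# $2 = candidate password for the PKCS#12 file / the private key
p12_opens_with() {
    openssl pkcs12 -in "$1/user.p12" -nokeys -passin "pass:$2" >/dev/null 2>&1
}
key_opens_with() {
    openssl pkey -in "$1/key.pem" -noout -passin "pass:$2" >/dev/null 2>&1
}

d=$(mktemp -d) && make_demo "$d" && {
    challenge_in_csr "$d"            && echo "challenge: present in CSR"
    challenge_in_cert "$d"           || echo "challenge: absent from certificate"
    p12_opens_with "$d" "$CHALLENGE" || echo "challenge: does not open the .p12"
    p12_opens_with "$d" "$EXPORT_PASS" && echo "export password: opens the .p12"
}
rm -rf "$d"
```

Because the challenge password travels unencrypted inside the request, it should not be a value reused for the key passphrase or the PKCS#12 export password.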