I am using the following script to create my certificate. 
openssl req -new -keyout newreq.pem -out newreq.pem -passin pass:1whatever \
    -passout pass:whatever -days 365
openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever \
    -key whatever -extensions xpclient_ext -extfile xpextensions \
    -infiles newreq.pem
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out $1.p12 \
    -clcerts -passin pass:whatever -passout pass:whatever
openssl x509 -inform PEM -outform DER -in $1.pem -out $1.der
rm -rf newcert newreq.pem

When I execute this command I am asked for a challenge password. But I
provided a -passin pass and -passout pass in the commands themselves. Is
this the same or are these different passwords? It seems to me that the
challenge password I am asked to enter during creation is not used for
the certificate.

And a second question:
When I import the .p12 file into Windows I am asked for a password; I am
asked for a Secret. Is this the challenge password?

Thanks for the help
Berndt


Command output.
ITS-Test1:/etc/1x# ./createcert.pl karaduman
Generating a 1024 bit RSA private key
............................++++++
........++++++
writing new private key to 'newreq.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AT]:AT
State or Province Name (full name) [Vienna]:Vienna
Locality Name (eg, city) []:
Organization Name (eg, company) [TGM - Schule der Technik]:TGM - Die
Schule der Technik
Organizational Unit Name (eg, section) [IT-Service]:IT-Service
Common Name (eg, YOUR name) [TGM Wireless CA]:Ercan Karaduman
Email Address [EMAIL PROTECTED]:[EMAIL PROTECTED]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:G5N5B3Y3
An optional company name []:
Using configuration from /usr/lib/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
        Serial Number: 163 (0xa3)
        Validity
            Not Before: Aug 18 15:42:54 2003 GMT
            Not After : Aug 17 15:42:54 2004 GMT
        Subject:
            countryName               = AT
            stateOrProvinceName       = Vienna
            organizationName          = TGM - Die Schule der Technik
            organizationalUnitName    = IT-Service
            commonName                = Ercan Karaduman
            emailAddress              = [EMAIL PROTECTED]
        X509v3 extensions:
            X509v3 Extended Key Usage:
            TLS Web Client Authentication
Certificate is to be certified until Aug 17 15:42:54 2004 GMT (365 days)
Sign the certificate? [y/n]:y

------------------------------------------
TGM - Die Schule der Technik
IT - Service
A - 1200 Wien, Wexstr. 19-23
Tel. +43(1)33126/316 Fax: +43(1)33126/154
E-Mail: [EMAIL PROTECTED]
------------------------------------------



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
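
An added example, not part of the original post: the script above involves three separate secrets, and this sketch checks with OpenSSL itself that the challenge password is only an attribute of the request, distinct from the key passphrase (req -passout) and the PKCS#12 export password (pkcs12 -passout). All password values, file names and the self-signing step are assumptions made for the demonstration.

```shell
#!/bin/sh
# Constructed demo values; none of them come from the original post.
KEY_PASS='key-pass-demo'     # req -passout: encrypts the private key
CHALLENGE='challenge-demo'   # CSR attribute sent to the CA
P12_PASS='p12-pass-demo'     # pkcs12 -passout: protects the .p12 file

# Exit status 0 means every check below held; 2-5 name the failed check.
demo_passwords() (
    d=$(mktemp -d) || exit 1
    trap 'rm -rf "$d"' EXIT
    # prompt = no makes req read the challenge password from the config
    # instead of asking for it interactively.
    cat > "$d/req.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
attributes = attrs
[ dn ]
CN = Demo Client
[ attrs ]
challengePassword = $CHALLENGE
EOF
    openssl req -new -newkey rsa:2048 -config "$d/req.cnf" \
        -keyout "$d/key.pem" -out "$d/req.pem" \
        -passout "pass:$KEY_PASS" 2>/dev/null || exit 1
    # Check 2: the challenge password sits readable inside the request.
    openssl req -in "$d/req.pem" -config "$d/req.cnf" -noout -text |
        grep -q "$CHALLENGE" || exit 2
    # Self-signed for brevity; the post signs with 'openssl ca' instead.
    openssl x509 -req -in "$d/req.pem" -signkey "$d/key.pem" \
        -passin "pass:$KEY_PASS" -days 1 -out "$d/cert.pem" 2>/dev/null || exit 1
    # Check 3: the issued certificate does not carry it.
    openssl x509 -in "$d/cert.pem" -noout -text | grep -q "$CHALLENGE" && exit 3
    # -passin unlocks the key, -passout becomes the import password.
    openssl pkcs12 -export -in "$d/cert.pem" -inkey "$d/key.pem" \
        -passin "pass:$KEY_PASS" -passout "pass:$P12_PASS" \
        -out "$d/client.p12" 2>/dev/null || exit 1
    # Check 4: the .p12 opens with the export password ...
    openssl pkcs12 -in "$d/client.p12" -nokeys \
        -passin "pass:$P12_PASS" >/dev/null 2>&1 || exit 4
    # Check 5: ... and not with the challenge password.
    openssl pkcs12 -in "$d/client.p12" -nokeys \
        -passin "pass:$CHALLENGE" >/dev/null 2>&1 && exit 5
    exit 0
)

demo_passwords && echo "challenge, key and PKCS#12 passwords are independent"
```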
