Here are answer's to some of your questions:
1. OpenSsl supports the X509 v3 certificate format which is used by IPSEC. So certificates generated by OpenSsl can be used for IPSEC.
2. OpenSsl has support for cut and paste mechanism (you mean PKCS10/PKCS7!). Look at apps/req.c (generation of PKCS10 or CSR) and apps/pkcs7.c. The CSR generated using OpenSsl can be used with most of the CA (I have tested with Verisign, SSH, Thawte).
Regards,
Prashant.
Jinn Su <[EMAIL PROTECTED]> wrote:
Hello,I'm new to the OpenSSL community. Please help to clarify my following questions.1) Can OpneSSL be used for IPsec certificate?2) Does OpenSSL provide APIs to support the Cut-and-Paste certificate enrollmentfor the IPsec certificate with the non-OpenSSL CAs/PKIs, e.g. VeriSign PKI &MicroSoft CA)? If so, what are the APIs, how is it done, & are there examples?3) Does OpenSSL provide command line interface to support the Cut-and-Pastecertificate enrollment for the IPsec certificate with the non-OpenSSL CAs/PKIs,e.g. VeriSign PKI & MicroSoft CA)? If so, what are the commands, how is itdone, & are there examples?4) In general, how is the root CA certificate retrieved & in what format? Also, howis it used in the Cut-and-Paste certificate enrollment process? Which specificAPIs and commands are used to validate an enrolled certificate with the root CA(certificate issuer's) certificate?Thank you in advance for answering the above questions!Jinn__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
