On Wed, Mar 08, 2006, Stuart Halliday wrote:

> 
> If it helps, here is how I generated the certs.
> 
> 1st, the CA.
> 
> openssl req -config openssl.cnf -new -x509 -keyout
> ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650
> 
> 
> Then I used the following commands to generate the users certs on the Server:
> 
> openssl req -new -key ECS_CA\private\cakey.pem -out stuarth.csr
> openssl ca -policy policy_anything -out stuarth.cer -infiles stuarth.csr
> 
> Infopath needs a cert with a private key so the .p12 format is required.
> 
> openssl x509 -in stuarth.cer -out stuarth_certx509.pem
> openssl pkcs12 -export -in stuarth_certx509.pem -inkey
> ECS_CA\private\cakey.pem -out stuarth.p12
> 
> and it is stuarth.p12 which I import into mmc - Personal.
> 

It looks like you are using the same key for the user certificates and the CA!

Instead of manually entering commands, use the CA.pl script. That is
intended to just "do the right thing" when given some simple options. Don't
use the CA.pl in the release version of 0.9.8 though: pick a recent snapshot
or use 0.9.7.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
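
Added example, not part of the original thread or of the OpenSSL project: a check for the mistake pointed out above (a user certificate that carries the CA's own public key), shown next to a flow that gives the user a separate key. File names, subjects and the PKCS#12 password are constructed, and `openssl x509 -req` stands in for `openssl ca` so that no openssl.cnf or CA directory layout is needed.

```shell
#!/bin/sh
# Added example; file names, subjects and the password are constructed.

# SHA-256 digest of the public key inside certificate $1.
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds when certificates $1 and $2 carry the same public key.
same_key() {
    [ "$(pubkey_fp "$1")" = "$(pubkey_fp "$2")" ]
}

# Self-signed CA in directory $1 (-nodes only so the demo runs unattended).
make_ca() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -subj "/CN=Example CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" -days 30 2>/dev/null
}

# Build a CSR for name $2 from private key $3 and have the CA in $1 sign it.
issue_user() {
    openssl req -new -key "$3" -subj "/CN=$2" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 30 -out "$1/$2.cer" 2>/dev/null
}

work=$(mktemp -d)
make_ca "$work"
# Flow from the thread: the user's CSR is built from the CA's own key.
issue_user "$work" reused "$work/cakey.pem"
# Separate-key flow: the user gets a freshly generated key.
openssl genrsa -out "$work/user.key" 2048 2>/dev/null
issue_user "$work" separate "$work/user.key"
# The .p12 bundles the user's certificate with the user's key, not the CA's.
openssl pkcs12 -export -in "$work/separate.cer" -inkey "$work/user.key" \
    -passout pass:constructed-example -out "$work/separate.p12"

for c in reused separate; do
    if same_key "$work/$c.cer" "$work/cacert.pem"; then
        echo "$c.cer: shares the CA's key pair"
    else
        echo "$c.cer: has its own key"
    fi
done
```

A .p12 exported from the reused-key flow contains the CA's private key, so the same comparison is worth running against any user certificate already issued that way.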
