Re: OpenSSL Ca

Tue, 12 Jan 2010 04:48:34 -0800 

Hi,

What mail client are you using under Windows?
Each mail client has its own storage for private keys (Thunderbird uses local NSS key storage, Outlook uses CSP and IE certificate store). So, since you generated the key outside the scope of the mail client, you will certainly have to create a PKCS#12 file (called also PFX under Windows) containing your private key and its signed certificate and then import this file into your mail client's key storage (for Outlook, you'll have to install the PFX by double-clicking on it). So, everything depends on your mail client and how it will access your private key. 

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

On 1/12/2010 12:35 PM, Anton Xuereb wrote:

Hi,


I'm trying to create a private CA with openssl for my enterprise. I 
have generated the CA private key and certificate. I have created a 
key pair and a certificate signing request from a windows pc using 
kleopatra (key management utility that comes with winpgp). I signed 
the request with the CA's key and sent the signed certificate to the 
windows pc and imported the certificate. I exported the public key 
which I sent to my laptop. I imported the certificate of my CA into my 
mail client and trusted it. I then imported the public key as exported 
from the windows pc. It is imported but instead of being put into the 
People category it's sent in the Others section as it apparently does 
not fit in any of the other categories. I am therefore unable to send 
encrypted mail to the windows pc using it's public key as my client 
will not use it to encrypt.


The following are the commands I used in order to get to this point:

In order to generate the private key and ca certificate:


# openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca 
-keyout private/myca.key -out certs/myca.crt -days 1825


I converted the request from DER to PEM format using:

openssl req -in datareq.p10 -inform der -out datareq.csr

In order to sign the request:


# openssl ca -config openssl.my.cnf -policy policy_anything -in 
datareq.csr


I'm at a loss at the moment so any help would be appreciated.

Thanks ,

Anton



--
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to