Hi,
Have a question. Is this the Windows native store for CA
certificates ? Which MS help doc. are you referring ? We want a secure
storage facility for all our certificates but we don't to buy a
separate product.
Thanks,
Mohan
On Wed, Sep 8, 2010 at 5:10 AM, Dongsheng Song <dongsheng.s...@gmail.com> wrote:
> Are you test with 2008/win7 ?
>
> My self-signed certificate can automatically goto 'Trusted Root
> Certification Authorities'
> on XP/2k3 box, but not 2008 box.
>
> If the answer is 'YES', could you share the configuration ?
>
> Because I compared my self-signed certificate with microsoft 2010 ROOT CA,
> no valuable
> difference.
>
> Thanks,
> Dongsheng
>
> On Wed, Sep 8, 2010 at 01:59, Jakob Bohm <jb-open...@wisemo.com> wrote:
>>
>> On 07-09-2010 09:59, Dongsheng Song wrote:
>>>
>>> Hi,
>>>
>>> When I install my self-signed certificate to 'Certificate Store' of
>>> Windows 2008,
>>> if I select 'Automatically select the certificate store based on the
>>> type of certificate',
>>> then the self-signed certificate will be in the 'Intermediate
>>> Certification Authorities',
>>> not 'Trusted Root Certification Authorities'.
>>>
>>> How can I create self-signed certificate with correct certificate TYPE ?
>>>
>>> Regards,
>>> Dongsheng
>>
>> Note that this did NOT happen with the self-signed CA root cert that I
>> created with openssl (via a GUI front end) for our internal network CA.
>> (Used for such boring tasks as SSL certificates for domain controllers
>> etc.).
>>
>> It has the following attributes (anonymised here):
>>
>> Certificate:
>> Data:
>> Version: 3 (0x2)
>> Serial Number:
>> f8:dd:1a:38:49:01:61:a4
>> Signature Algorithm: sha1WithRSAEncryption
>> Issuer: C=XX, L=Somecity, O=OurCompany, CN=OurCompany Inc.
>> Validity
>> Not Before: Apr 19 18:41:02 2010 GMT
>> Not After : Apr 16 18:41:02 2020 GMT
>> Subject: C=XX, L=Somecity, O=OurCompany, CN=OurCompany Inc.
>> Subject Public Key Info:
>> Public Key Algorithm: rsaEncryption
>> RSA Public Key: (4096 bit)
>> Modulus (4096 bit):
>> (Omitted)
>> Exponent: 65537 (0x10001)
>> X509v3 extensions:
>> X509v3 Subject Key Identifier:
>> 9E:37:BE:96:A4:55:F4:B9:6A:27:85:0F:F8:A2:6F:EE:E4:3D:B4:35
>> X509v3 Authority Key Identifier:
>>
>> keyid:9E:37:BE:96:A4:55:F4:B9:6A:27:85:0F:F8:A2:6F:EE:E4:3D:B4:35
>> DirName:/C=XX/L=Somecity/O=OurComapany/CN=OurCompany Inc.
>> serial:F8:DD:1A:38:49:01:61:A4
>>
>> X509v3 Basic Constraints: critical
>> CA:TRUE
>> Netscape Cert Type:
>> SSL CA, S/MIME CA, Object Signing CA
>> X509v3 Issuer Alternative Name:
>> <EMPTY>
>>
>> Netscape Comment:
>> WiseMo Internal CA
>> Netscape CA Revocation Url:
>> https://SomeInternalServer/somename.crl
>> Netscape Revocation Url:
>> https://SomeInternalServer/somename.crl
>> X509v3 Key Usage: critical
>> Certificate Sign, CRL Sign
>> Signature Algorithm: sha1WithRSAEncryption
>> (omitted)
>>
>> ______________________________________________________________________
>> OpenSSL Project http://www.openssl.org
>> User Support Mailing List openssl-us...@openssl.org
>> Automated List Manager majord...@openssl.org
>
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
