Re: OpenSSL Ca
Hi Anton, I don't know if my article can help you, but you can find what I wrote here about OpenSSL CA and Thunderbird (I am sorry for my poor English) here: http://www.homeworks.it/Html/OpenSSL_PKI_Articolo_Eng.html#InstEMailCert Bye, Alex Anton Xuereb wrote: Hi, I'm trying to create a private CA with openssl for my enterprise. I have generated the CA private key and certificate. I have created a key pair and a certificate signing request from a windows pc using kleopatra (key management utility that comes with winpgp). I signed the request with the CA's key and sent the signed certificate to the windows pc and imported the certificate. I exported the public key which I sent to my laptop. I imported the certificate of my CA into my mail client and trusted it. I then imported the public key as exported from the windows pc. It is imported but instead of being put into the People category it's sent in the Others section as it apparently does not fit in any of the other categories. I am therefore unable to send encrypted mail to the windows pc using it's public key as my client will not use it to encrypt. The following are the commands I used in order to get to this point: In order to generate the private key and ca certificate: # openssl req -config openssl.my.cnf -new -x509 -extensions v3_ca -keyout private/myca.key -out certs/myca.crt -days 1825 I converted the request from DER to PEM format using: openssl req -in datareq.p10 -inform der -out datareq.csr In order to sign the request: # openssl ca -config openssl.my.cnf -policy policy_anything -in datareq.csr I'm at a loss at the moment so any help would be appreciated. Thanks , Anton -- Alessandro Tani Email: alessandro.t...@gmail.com Personal Web Page: http://www.homeworks.it Follow me on Twitter: http://twitter.com/Alessandro_Tani __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Article on PKI and OpenSSL
Hello, my name is Alessandro Tani, together with my colleague Iarno Pagliani, we made a guide (http://www.homeworks.it/Html/OpenSSL_PKI_Articolo_Eng.html) on how to create a PKI infrastructure with OpenSSL on Debian platform, to provide digital certificates for programs like Postfix, Courier, Apache and people to be able to digitally sign and encrypt their emails. We'd love to know your opinion about the article we have achieved. We apologize right now for our English, if you find errors or inaccuracies, both in the article and in the language, we would be very grateful if you could have the report. We will immediately fix the inaccuracies. You can find our article on URL: http://www.homeworks.it/Html/OpenSSL_PKI_Articolo_Eng.html Thank you very much, Alessandro Tani -- Alessandro Tani Via Maria del Rio, 3 - 42100 Reggio Emilia (ITALY) Email: [EMAIL PROTECTED] Tel: +39 0522 337434 - Mobile: +39 388 1884341 Internet: http://www.homeworks.it __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
How to insert a particular x509v3 extension
Hi, I would like to add a particular x509v3 extension to a certificate PKCS#12 to sign email address, the particular extension is Object Identifier followed by an OID number. For example: Object Identifier (2.16.840.1.113733.1.6.10) The OID 2.16.840.1.113733.1.6.10 is an example inspired by VeriSign. Thank you very much, Alex -- Alessandro Tani Via Maria del Rio, 3 - 42100 Reggio Emilia (ITALY) Email: [EMAIL PROTECTED] Internet: http://www.homeworks.it __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]