X.509 V3 Extension field

2002-02-18 Thread Yuan Yuan 

Is there someone have experience to creat X.509 V3 Extension field for
Windows XP use?

seems if not provide these field, windowxp will not recognize the
certificate as a valid one.

any idea is welcome,thanks

__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: X509 V3 extension 'Certificate Template'

2002-02-02 Thread Yuan Yuan 

hi, 

I follow the step you give me. Now I have the certificate with private key. 
Another problem arised. I import the file to the personal store. When I 
enable the wireless card, winXP let me choose the 'user name on certificate', 
But there is no option for my certificate which issue in openssl. 

If I use the CA of windows to get the certificate, it works. Is there some 
option I missed ? Please give me some idea!

the different between certificate create by windows and openssl is that: 

windows:

the certificate information:
allow data on disk to be encrypted
protect emaill message
proves your identity to a remote computer

openssl:
the certificate information
all application policy.



is somewhere I could config so that the openssl could create the exact 
certificate like windows?

thanks



  Hi Adam,

  Only certificate with corresponding private key is meaningful in the
  Personal store. Otherwise, you can't use the cert. for signing. To 
create
  one, you need to:
  - set up a CA, e.g. use the perl script in the archive
  - make a cert req., e.g. openssl req -new ...
  - get the req signed, e.g. openssl ca ...
  - bundle key + cert to a pkcs12 file, e.g. openssl pkcs12 ...

  Then, you can import it into Windows.

  Rgds.
  Martin

  - Original Message -
  From: Adam [EMAIL PROTECTED]
  To: [EMAIL PROTECTED]
  Sent: Friday, February 01, 2002 3:45 AM
  Subject: X509 V3 extension 'Certificate Template'


  
   Hello,
   I have been trying to use OpenSSL (openssl-SNAP-20020129) to
   generate certificates for Windows XP. While I can generate CA and
   certificates which XP will accept in general, I can't generate
   such certificate that it will accept it as 'personal' certificate.
  
   The main complaint from XP seems to be that the certificate
   does not have the 'private key' that correspond to certificate.
  
   However, looking over openssl-users mailing list archives
   it seems that the issue is that M$ has added proprietary
   extension and some magic is required in order to create
   certificate windows XP will  consider personal certificate.
  
   Unfortunatelly I'm not very familar with openssl, so I was
   wondering if someone has put out of there some HOWTO or FAQ how do
   I create certificate for windows XP which will be accepted as
   'personal certificate. Does such thing exist?
  
   Adam
  
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

any improvement in the EAP/TLS?

2002-01-20 Thread Yuan Yuan 


I see the talk about eap/tls month ago, some improvement in this aspect.

any suggestion is appreciated!
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]