hi,
I follow the step you give me. Now I have the certificate with private key.
Another problem arised. I import the file to the personal store. When I
enable the wireless card, winXP let me choose the 'user name on certificate',
But there is no option for my certificate which issue in openssl.
If I use the CA of windows to get the certificate, it works. Is there some
option I missed ? Please give me some idea!
the different between certificate create by windows and openssl is that:
windows:
the certificate information:
allow data on disk to be encrypted
protect emaill message
proves your identity to a remote computer
openssl:
the certificate information
all application policy.
is somewhere I could config so that the openssl could create the exact
certificate like windows?
thanks
Hi Adam,
Only certificate with corresponding private key is meaningful in the
Personal store. Otherwise, you can't use the cert. for signing. To
create
one, you need to:
- set up a CA, e.g. use the perl script in the archive
- make a cert req., e.g. openssl req -new ...
- get the req signed, e.g. openssl ca ...
- bundle key + cert to a pkcs12 file, e.g. openssl pkcs12 ...
Then, you can import it into Windows.
Rgds.
Martin
- Original Message -
From: Adam [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, February 01, 2002 3:45 AM
Subject: X509 V3 extension 'Certificate Template'
Hello,
I have been trying to use OpenSSL (openssl-SNAP-20020129) to
generate certificates for Windows XP. While I can generate CA and
certificates which XP will accept in general, I can't generate
such certificate that it will accept it as 'personal' certificate.
The main complaint from XP seems to be that the certificate
does not have the 'private key' that correspond to certificate.
However, looking over openssl-users mailing list archives
it seems that the issue is that M$ has added proprietary
extension and some magic is required in order to create
certificate windows XP will consider personal certificate.
Unfortunatelly I'm not very familar with openssl, so I was
wondering if someone has put out of there some HOWTO or FAQ how do
I create certificate for windows XP which will be accepted as
'personal certificate. Does such thing exist?
Adam
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]