RE: W2k wiazrd
-Original Message- From: Nevalainen, Eric [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 17:20 To: 'Robert Krenn' Cc: '[EMAIL PROTECTED]' Subject: W2k wiazrd Bingo! The string: bash-2.04# OpenSSL ca -out request.pem -notext -infiles certreq.txt where -out =the cert to be generated, and -infiles =the pending request, the -notext option supresses the plaintext form of the certificate to the output file. IIS 5 seems to like this. output looks like: I wouldn't hold your breath if this is a self-signed certificate. No doubt someone else will correct me if I'm wrong, but I've never been able to get self-signed certificate working on any version of IIS. (I'm assuming this is a server cert. If it's a client cert then I'm probably barking up the wrong tree). - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] - NOTICE: The information contained in this email and any attachments is confidential and may be legally privileged. If you are not the intended recipient you are hereby notified that you must not use, disclose, distribute, copy, print or rely on this email's content. If you are not the intended recipient, please notify the sender immediately and then delete the email and any attachments from your system. RNIB has made strenuous efforts to ensure that emails and any attachments generated by its staff are free from viruses. However, it cannot accept any responsibility for any viruses which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: W2k wiazrd
for a self-signed certificate... NB Does NOT work for a public webpage... with both iis4 iis5, i took the ca.crt and server.crt that was generated... edited to remove the human readble stuff at the benginning - ie down as far as the --begin certificate etc... took the files over to my win box and double clicked on them and installed them... at the client - the browser obviously hasn't heard of the CA called Sean :-) so i take the CA.crt to my client winPC and double click ... now my MSIE has heard of CA-Sean... and i can browse my internal secure server to my hearts content AS-IF i'd gone off and bought a cert - which you can't do if its internal only afaik... cheers, Sean O'Riordain [EMAIL PROTECTED] wrote: -Original Message- From: Nevalainen, Eric [mailto:[EMAIL PROTECTED]] Sent: 22 August 2001 17:20 To: 'Robert Krenn' Cc: '[EMAIL PROTECTED]' Subject: W2k wiazrd Bingo! The string: bash-2.04# OpenSSL ca -out request.pem -notext -infiles certreq.txt where -out =the cert to be generated, and -infiles =the pending request, the -notext option supresses the plaintext form of the certificate to the output file. IIS 5 seems to like this. output looks like: I wouldn't hold your breath if this is a self-signed certificate. No doubt someone else will correct me if I'm wrong, but I've never been able to get self-signed certificate working on any version of IIS. (I'm assuming this is a server cert. If it's a client cert then I'm probably barking up the wrong tree). - John Airey __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
W2k wiazrd
Bingo! The string: bash-2.04# OpenSSL ca -out request.pem -notext -infiles certreq.txt where -out =the cert to be generated, and -infiles =the pending request, the -notext option supresses the plaintext form of the certificate to the output file. IIS 5 seems to like this. output looks like: -BEGIN CERTIFICATE- MIIECDCCA3GgAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx EjAQBgNVBAgTCU1pbm5lc290YTEQMA4GA1UEBxMHQmF5cG9ydDEdMBsGA1UEChMU QW5kZXJzZW4gQ29ycG9yYXRpb24xJDAiBgNVBAsTG0luZm9ybWF0aW9uIFJpc2sg TWFuYWdlbWVudDEgMB4GA1UEAxMXZGFlbW9uLmFuZGVyc2VuY29ycC5jb20xLzAt BgkqhkiG9w0BCQEWIGVyaWMubmV2YWxhaW5lbkBhbmRlcnNlbmNvcnAuY29tMB4X DTAxMDgyMjE1NDI0MVoXDTAyMDgyMjE1NDI0MVowgYIxCzAJBgNVBAYTAlVTMRIw EAYDVQQIEwlNaW5uZXNvdGExHTAbBgNVBAoTFEFuZGVyc2VuIENvcnBvcmF0aW9u MSwwKgYDVQQLEyNBbmRlcnNlbiBDb3Jwb3JhdGlvbiBJVFMgRGVwYXJ0bWVudDES MBAGA1UEAxMJYnB3ZWJkZXYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq /cnKscpUJUOFKbYkzTtj+sb8EpRViqhKPsENV8WL3c2v9FGe4QI0/G956EYMSLe9 XQwlImLb3iR+Ag5eyg/bXD4UA7ENXE94Uudlu7b+aYkOprnYCISkUHez0qM86MVP cjb2txt4W+9wcXWjsonRbUm6uBg08JvAKs3Yd0qHbwIDAQABo4IBQTCCAT0wCQYD VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm aWNhdGUwHQYDVR0OBBYEFBmAhoIdiu9OFnABdQWmtTm/MgyKMIHiBgNVHSMEgdow gdehgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlNaW5uZXNvdGExEDAO BgNVBAcTB0JheXBvcnQxHTAbBgNVBAoTFEFuZGVyc2VuIENvcnBvcmF0aW9uMSQw IgYDVQQLExtJbmZvcm1hdGlvbiBSaXNrIE1hbmFnZW1lbnQxIDAeBgNVBAMTF2Rh ZW1vbi5hbmRlcnNlbmNvcnAuY29tMS8wLQYJKoZIhvcNAQkBFiBlcmljLm5ldmFs YWluZW5AYW5kZXJzZW5jb3JwLmNvbYIBADANBgkqhkiG9w0BAQQFAAOBgQAoMkwE 8zNv4R4C7+JDtY50Iq/xlkm1BpfM6/SpRIWg6zXmB+fbOxwW5oyD4BJ944Poki7I qki2c7OSrMn0ZT/qpoEsYkXrC81klKY3730rcOnl0wZqsAYA43/8E90Fdn8o2L7n +jLGEJmyilSCdSdP1V3H9j5w/oPdojVEli0DZg== -END CERTIFICATE- The only problem I have left, is getting the cert to work properly. IE won't load the page, something about unable to verify signing authority. I suspect I need to hang the signing CERT out on a web page for verification. I'm not sure though *** Eric Nevalainen CISSP phone: 651-264-7164 Information Risk Management fax: 651-264-5614 Andersen Corporation Cel: 651-470-4307 100 Fourth Avenue North Pager: 651-470-4307 Bayport MN 55003 [EMAIL PROTECTED] *** -Original Message- From: Robert Krenn [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 9:21 AM To: Nevalainen, Eric Subject: Re: curious On Wed, 22 Aug 2001, Nevalainen, Eric wrote: Robert, I was wondering if you had received an answer to your question on the openssl list the other day. I find myself in much the same situation. HI, no I have not received any answer to it yet. I've been too busy to test the various ideas I have on the issue. One idea could be that openssl creates the certificates in .pem format and MS IIS need to get the certificate in some other format. I belive I saw something about this on the openssl-list yesterday. I keep your mail and send you a note if I get it working. Regards //Robert --- Frontyard Communications AB Tel: +46 8 56844100 http://www.frontyard.com ISDN: +46 8 4488012 Fax: +46 8 56844101 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]