Hi. all
I'd like to construct my own private CA server for SSL certificates.
Thus, I had contructed my own CA with SSLeay-0.8.1.
I had tested it with SSLeay innate function and Netscape Enterprise server.
But I had some problem with IBM Internet Connection Secure Server.
As far as I know, ICSS has function to create key and certificate Request for
SSL connection.
After Certificate Request is made, the request will be sent to CA for
certification.
But request from ICSS is another one.
It seems to me that there is some difference is certificate request format.
How can I certify request from ICSS with my own CA?
Below is Certificate Request examples.
<From Netscape server>
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBOzCB5gIBADCBgjELMAkGA1UEBhMCS1IxDjAMBgNVBAgTBVNlb3VsMQ4wDAYD
VQQHEwVTZW91bDEUMBIGA1UEChMLREFDT00gQ29ycC4xHzAdBgNVBAsTFkludGVy
bmV0IENvbW1lcmNlIFRlYW0xHDAaBgNVBAMTE3BheWdhdGUuZGFjb20uY28ua3Iw
WjANBgkqhkiG9w0BAQEFAANJADBGAkEAoYgIuqmMmSUojTLzwZ1+W58yShblNvzL
w3SWFpIWb6JEIjtllq2XRV2KuqXUFm49EEYPGJYn+7BPL2hkzkC/9QIBA6AAMA0G
CSqGSIb3DQEBBAUAA0EAYtL8zdoMxOPrdvXlv7esaI07wGK3i1d+aJEjywb0zkwY
VpTBJoWGS8dsLHL+XSLfSLsJVROfglc4iEfmkem1zg==
-----END NEW CERTIFICATE REQUEST-----
<From ICSS>
-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 4,MIC-ONLY
Content-Domain: RFC822
Originator-Certificate:
MIICDzCCAbkCBDTqwYwwDQYJKoZIhvcNAQECBQAwgZIxCzAJBgNVBAYTAktSMQ4w
DAYDVQQIEwVTZW91bDEOMAwGA1UEBxMFU2VvdWwxFDASBgNVBAoTC0RBQ09NIENv
cnAuMR8wHQYDVQQLExZJbnRlcm5ldCBDb21tZXJjZSBUZWFtMRowGAYDVQQDExFz
ZXRjYS5kYWNvbS5jby5rcjEQMA4GA1UEERMHMTQwLTAxMzAaFws5ODAyMTgxMTEw
WhcLOTkwMjE4MTExMFowgZIxCzAJBgNVBAYTAktSMQ4wDAYDVQQIEwVTZW91bDEO
MAwGA1UEBxMFU2VvdWwxFDASBgNVBAoTC0RBQ09NIENvcnAuMR8wHQYDVQQLExZJ
bnRlcm5ldCBDb21tZXJjZSBUZWFtMRowGAYDVQQDExFzZXRjYS5kYWNvbS5jby5r
cjEQMA4GA1UEERMHMTQwLTAxMzBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQDdKRbL
XFvBnaQxj1rabXRqoVMdKAInwtpep9MHkcnHtE3TgadzEebfoDh3sGqxdadUqZxE
//qG71S1DtrJPvb5AgMBAAEwDQYJKoZIhvcNAQECBQADQQDKScFE7b24GNSI2GKk
jDJBUJ3qyX4HWkPQYUFJQ1jYUa+m/COA8Rotk8+PvgYVT8jCPvxnLB3zs4RgefjG
Tyng
MIC-Info: RSA-MD5,RSA,
nS/00n6PipaKs6zfOVPKcluRRQAp7sy+vG5aCeXybySfaHF/BawZMb7K4etTEllh
OXz9MuzPWt2YLZGFNezc+g==
VGhpcyBpcyBhbiBSRkMtMTQyNCBDU1IuCg==
-----END PRIVACY-ENHANCED MESSAGE-----
*********************************************************************
In my thought, certificate request produced by ICSS is another format
comparing to regular certificate request format(PEM format).
In my test, certificate request from ICSS wasn't normally processed in my
own CA.
But I had sent certificate request produced by ICSS to Verisign for DigitalID,
then they had shown to me correct CommonName, OrgName, City etc which I had
provided.
Thus I conculded that verisign get correct information from my certificate
request.
How can I successfully certify certificate request from IBM ICSS?
If you have any idea, please give me comments.
Best Regards.
=====================================================================
JongChan Kim e-mail : [EMAIL PROTECTED]
EC Internet Business Division [EMAIL PROTECTED]
DACOM Corp. Phone : +82 2 220 7735
Seoul Korea. Fax : +82 2 220 0732
=====================================================================
+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/ |
+-------------------------------------------------------------------------+
