Hello,

The subject says it all. I am using a combination of SSLeay 0.9.0, ca-fix,
and pkcs12 4.1 to attempt to generate a cert chain that will import into
MSIE 4.01 (US). I am obviously doing something wrong. This is what I am
doing:

CA.sh -create
(set key)
set country CA
set state Alberta
Set locality Calgary
Set Organization name Orion Technologies Inc.
Set Organization Unit Orion Technologies CA
Set common name Digital Identification
Set email [EMAIL PROTECTED]

Change the date on the CA cert
x509 -days 1825 -in cacert.pem -out tempcert.pem
mv tempcert.pem cacert.pem
ca-fix -caset -in cacert.pem -out tempcert.pem -inkey private/cakey.pem
mv tempcert.pem cacert.pem
CA.sh -newreq
(enter password)
set country CA
set state Alberta
set locality Calgary
Set organization name Orion Technologies Inc.
set organizational unit name Research & development
set common name Tim Pushor
set email [EMAIL PROTECTED]
no challenge password
no company name
CA.sh -sign
ca-fix -in newcert.pem -out testcert.pem -nscertype 0x20 -inkey /CA/private/cakey.pem
mv testcert.pem newcert.pem
cp /CA/cacert.pem /var/spool/ssl/certs
c_rehash
verify newcert.pem (is OK)
pkcs12 -chain -export -name "My Certificate" -in newcert.pem -inkey newreq.pem -out test.p12

This creates a pkcs12 object that works fine from Communicator but not from
MSIE. I get that great old error message "Failed to import certificate".

Do I need to worry about the -MSIE-hack options to ca?

In another vein, if I want to be able to sign objects (Java applets in
particular), do I need to enable object signing on the CA AND on the cert? I
haven't played with this yet, but want to make sure my CA is OK for that as
well before deploying it to our organization.

Thanks for any help, and I apologize for the long post.

Tim

+-------------------------------------------------------------------------+
| Administrative requests should be sent to [EMAIL PROTECTED] |
| List service provided by Open Software Associates, http://www.osa.com/  |
+-------------------------------------------------------------------------+
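
The CA, request, signing and PKCS#12 export steps listed in the post, as an added example that is not part of the original message. It assumes the current openssl command line rather than SSLeay 0.9.0, ca-fix and pkcs12 4.1; the subjects come from the post, while the file names and passphrase are constructed sample values. It does not address the MSIE import failure; it shows how to confirm that the chain verifies and that the CA certificate is inside the exported file.

```shell
#!/usr/bin/env bash
# Added example: modern openssl CLI (assumption), not SSLeay 0.9.0/ca-fix/pkcs12 4.1.
# Subjects come from the post; file names and the passphrase are sample values.
set -eu

# Builds CA -> user cert -> PKCS#12 in directory $1 (passphrase $2) and prints
# the number of certificates stored in the resulting test.p12.
build_chain_p12() (
  mkdir -p "$1" && cd "$1"
  base="/C=CA/ST=Alberta/L=Calgary/O=Orion Technologies Inc."
  cat > ext.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca_ext]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[user_ext]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
# 0x20 in the Netscape cert-type bit string is the S/MIME bit
nsCertType = email
EOF
  # Self-signed CA certificate, valid 1825 days, flagged as a CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1825 -config ext.cnf \
    -extensions ca_ext -subj "$base/OU=Orion Technologies CA/CN=Digital Identification" \
    -keyout cakey.pem -out cacert.pem 2>/dev/null
  # User key and certificate request.
  openssl req -new -newkey rsa:2048 -nodes -config ext.cnf \
    -subj "$base/OU=Research & development/CN=Tim Pushor" \
    -keyout newkey.pem -out newreq.pem 2>/dev/null
  # The CA signs the request and applies the end-entity extensions.
  openssl x509 -req -in newreq.pem -CA cacert.pem -CAkey cakey.pem \
    -CAcreateserial -days 365 -extfile ext.cnf -extensions user_ext \
    -out newcert.pem 2>/dev/null
  # The chain must verify before it is packaged.
  openssl verify -CAfile cacert.pem newcert.pem >/dev/null
  # Export user key + user cert + CA cert into one PKCS#12 file.
  openssl pkcs12 -export -chain -CAfile cacert.pem -name "My Certificate" \
    -in newcert.pem -inkey newkey.pem -passout "pass:$2" -out test.p12
  # Count what was stored: 2 means the CA certificate travelled with it.
  openssl pkcs12 -in test.p12 -passin "pass:$2" -nokeys 2>/dev/null |
    grep -c 'BEGIN CERTIFICATE'
)

build_chain_p12 "$(mktemp -d)" "sample-pass"
```

Note that the private key passed to `-inkey` here is the user's key file written by the request step, kept separate from the request itself.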
