Re: Help with issuing self signed certificates



On 1 ינואר, 20:24, Neil W Rickert <rickert...@xxxxxxxxxx> wrote:
Asi <asi....@xxxxxxxxx> writes:
If the server is setup properly, the intermediate CA certificate
should not need to be installed on the client.
Well,
I use Cisco Sip Proxy Server on Linux as my server.
No Certificate store of any kind, and there is only one field in the
application where I can fill in where the server certificate is.

I have never dealt with Cisco systems (at least not directly), so no
experience there.

I tried to manually join the two text files (server and intermediate),
but it didn't make a change.
Maybe I can append the two certificates into one file using some sort
of openssl command?

I don't know what format Cisco requires.  If I recall correctly,
openssl can be used to convert a certificate to PKS7 format,
and there is an option to include the certificate chain in the
output certificate.  If the Cisco accepts that format, it might be
worth trying.

I did a google search for "certificate chain cisco proxy" (without
the quotes).  One of the pages that came up with was:
 http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/a...
I'm not sure if that is useful for your problem.  It seems to suggest a
separate "chaingroup" command is used.


Cisco works for me now with the same format as windows (default output
from openssl is fine).
The link is for another Cisco product.
Anyone can help with the openssl exact command that creates a
certificate chain output? I don't think the format is important, since
openssl converts formats easily.
Asi.
.



Relevant Pages