Re: Generation of certificate using openssl

From: Alun Jones (alun@texis.com)
Date: 10/04/02 

From: alun@texis.com (Alun Jones)
Date: Fri, 04 Oct 2002 14:11:22 GMT

In article <3D9D3B9A.2040706@asturies.org>, =?ISO-8859-1?Q?Carlos_Car=FAs?=
<kus@asturies.org> wrote:
>That's the point. We have a mixed Windows 2000/Linux network, and we
>just want to know if IIS 5.0 is compatible with the certificates created
> with openssl.

I've had success importing certificates created using RSA as the signing
algorithm, but no success whatsoever importing DSA certificates. Check the
parameters used in creating the key request, to see if it's a DSA or an RSA
certificate that's being created. Microsoft claims to support DSA (or DSS /
DH), but you just can't import a PFX file containing a DSA certificate in such
a way that it works with an SChannel server program. (It'll work as a client
certificate, but not as a server!)

>If we wanted to use Certificate Server, we would not post here asking
>for help ;-).
>So the question is still in the air...
>¿Did anyone work with IIS 5 and openssl? We would be happy just by
>signing the cetreq.txt and create our .crt

I don't know whether it's worth posting your question on an OpenSSL group as
well.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.] 

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.

Relevant Pages
Quantcast