Re: Certificate for non-windows machines

From: Andy (Andy_at_discussions.microsoft.com)
Date: 11/16/04 

Date: Tue, 16 Nov 2004 00:44:04 -0800

How about if I already have a .csr file (this is from openssl):
The file looks like this:

-----BEGIN CERTIFICATE REQUEST-----
a bunch of lovely base64 ciphertext.
-----END CERTIFICATE REQUEST-----

Is there an easier way than using certreq?
"David Cross [MS]" wrote:

> This whitepaper may help you to submit requests from non windows machines:
>
>
> advanced certificate enrollment:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/advcert.mspx
>
>
> --
>
>
> David B. Cross [MS]
>
> --
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> http://support.microsoft.com
>
> "Andy" <Andy@discussions.microsoft.com> wrote in message
> news:8DC05072-97FA-400E-921D-EFE1C1958158@microsoft.com...
> >I am trying to generate certificates for some apache servers running on
> >linux.
> > After the OpenSSL request generation, when I attempt to validate the
> > certificate in the CA tool, it complains saying that it failed because the
> > certificate doesn't have a template.
> >
> > How do I fix this? Or, how do you sign certificates made on non-windows
> > machines?
>
>
>

Relevant Pages

  • E2k7 Zertifikate (CSR mit openSSL signieren)
    ... Auf diesem habe ich eine RootCA und eine ServerCA etabliert. ... Mit New-ExchangeCertificate erzeuge ich jetzt ein Zertifikatsrequest (CSR) und stelle diesen der openSSL Server CA zum signieren bereit. ... certificate = $dir/ServerCA.cert.pem ...
    (microsoft.public.de.exchange)
  • Re: guidance on SSL certs and Apache2
    ... including the fact that the setup is neither automated nor documented ... > it has Kleopatra for certificate management. ... openssl req -new -key server.key -out newreq.pem ... /etc/init.d/apache2 restart ...
    (Debian-User)
  • Re: Pine and CA certificates
    ... Pine is installed in a shared file system; it would have been nice for the CA certificate that signed the IMAP server's certificate to have been there too. ... So, instead of reconfiguring OpenSSL once and being done with it, you instead want to reconfigure every application program that uses OpenSSL? ... You don't want the SSLKEYS directory to be the same as the CA certificate directory, since only a file protection stands between that key and a hacker who could do bad things with it. ... Most people just use the OpenSSL standard CA certificate directory, or they rebuild OpenSSL so that its standard CA certificate directory is what they want it to be. ...
    (comp.mail.pine)
  • Re: Help with issuing self signed certificates
    ... I generate a RSA key using openSSL. ... How do I make the clients trust my CA? ... OpenSSL comes with a simplistic script CA.sh (there's also a perl ... You also need a CA certificate, and a few files here and there for the ...
    (comp.security.misc)
  • 2K3 Cert Svcs gives invalid policy error on OpenSSL gend cert req
    ... OpenSSL-based UNIX SSL client and server and a Windows Server 2003 ... Standard Edition with Certificate Services for the CA. ... The OpenSSL generated ones look like, ... X509v3 Extended Key Usage: ...
    (microsoft.public.windows.server.security)