DER encoding:

GOMEZ Henri Wed, 3 Mar 1999 04:58:53 -0500
I'm trying to generate a certificate for IE 4.

The .p12 generated by the following script is successfully imported in
NS.

But the DER encoded cert generated from .pem' one via 
$ssleay x509 -in $sslcrtdir/$user.crt -outform DER -out
$sslcrtdir/$user.der

Any Idea...

PS: I run my own self signed CA.

.....
(modified from mca.sh from ssl_mod)

$ssleay x509 -days 365 \
             -CAserial $jmcaserial \
             -CA $sslcrtdir/ca.crt \
             -CAkey $sslkeydir/ca.key \
             -in $sslcsrdir/$user.csr -req \
             -out $sslcrtdir/$user.crt
if [ $? -ne 0 ]; then
    echo "jmca:Error: Failed to generate X.509 certificate" 1>&2
    exit 1
fi
$cafix \
     -nscertype 0xB0 \
     -nobscrit \
     -pathlen 0 \
     -in $sslcrtdir/$user.crt \
     -inkey $sslkeydir/$user.key \
     -nosign \
     -out $sslcrtdir/$user-tmp.crt
if [ $? -ne 0 ]; then
    echo "jmca:Error: Failed to patch X.509 certificate" 1>&2
    exit 1
fi
$cafix \
     -in $sslcrtdir/$user-tmp.crt \
     -inkey $sslkeydir/ca.key \
     -out $sslcrtdir/$user.crt 
if [ $? -ne 0 ]; then
    echo "jmca:Error: Failed to patch X.509 certificate" 1>&2
    exit 1
fi
rm -f $sslcrtdir/$user-tmp.crt
caname="`$ssleay x509 -noout -text -in $sslcrtdir/ca.crt |\
         grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
username="`$ssleay x509 -noout -text -in $sslcrtdir/$user.crt |\
            grep Subject: | sed -e 's;.*CN=;;' -e 's;/Em.*;;'`"
$pkcs12 \
    -export \
    -in $sslcrtdir/$user.crt \
    -inkey $sslkeydir/$user.key \
    -certfile $sslcrtdir/ca.crt \
    -name "$username" \
    -caname "$caname" \
    -out $sslcrtdir/$user.p12

$ssleay x509 -in $sslcrtdir/$user.crt -outform DER -out
$sslcrtdir/$user.der
 
+---------------------------------------------+
|                 | S.L.I.B                   |
|   ____[_]____   | 5 Place Charles Béraudier |
|      (. .)      | 69428 Lyon Cedex 03       |
+-oOOo--(_)--oOOo-----------------------------+
|                             Tel: 0472367723 |
| Henri Gomez  [EMAIL PROTECTED]  Fax: 0472367778 |
+---------------------------------------------+


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
DER encoding:

Reply via email to
