RE: IIS and keyset file format

Tue, 13 Apr 1999 00:20:54 -0700 

Ok, I will try this but how do you deal with
the case where you have a CA chain of intermediate
CAs. The standard way would be to give a PKCS7-cert-only
file but you say that this is a DER certificate file.

And BTW, as I use SSLeay and not openssl, is there a corresponding
function to deal with that NET format?

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Dr Stephen Henson
> Sent: Monday, April 12, 1999 6:26 PM
> To: [EMAIL PROTECTED]
> Subject: Re: IIS and keyset file format
> 
> 
> Pierre De Boeck wrote:
> > 
> > Does anyone have information about the format
> > used by IIS/key manager to import an RSA key pair and
> > its corresponding CA chain?
> > 
> > I naively believed that MS will standards like PKCS#1
> > and PKCS7 but this is not the case. I also try a PKCS12
> > file but with no more success.
> > 
> 
> That reminds me. I really must install IIS some time. Anyway I believe
> it has two options, a single file or two files. 
> 
> The two file version I *think* needs a private key in NET format and the
> certificate in DER. You may have problems with keys larger than 512 bits
> if you use the international version.
> 
> You can try:
> 
> openssl rsa -in key.pem -out key.net -outform NET
> openssl x509 -in cert.pem -out cert.der -outform DER
> 
> Please let me know if that works.
> 
> NET format BTW is a horribly insecure evil unsalted RC4 format which
> should never have seen the light of day. Make sure you don't leave any
> private keys around in this format.
> 
> The one file version contains a NET format private key and lots of other
> weird stuff. None of which is documented. 
> 
> Steve.
> -- 
> Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
> Personal Email: [EMAIL PROTECTED] 
> Senior crypto engineer, Celo Communications: http://www.celocom.com/
> Core developer of the   OpenSSL project: http://www.openssl.org/
> Business Email: [EMAIL PROTECTED] PGP key: via homepage.
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
> 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to