Re: I've modify CA.pl

Fri, 11 Jun 1999 01:19:06 -0700 

Raul, and those who's interested ,

If you want to import certificate in IIS, here is the instructions I used,

1. Generate certificate request using Certificate Manager with IIS,
2. Sign the certificate request using openssl, or CA.pl -sign,
3. Do a little translation (all in one line),

openssl x509 -in newcert.pem -outform PEM | perl -e "while (<>) { print if
!/^-----.*CERTIFICATE-----$/; }" > iiscert.pem

(Sorry, I only know Perl syntax.  Maybe someone can modify it to use grep or
something.)

  Or you may just use an editor to keep those BASE64 codes
between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (those 2
lines will NOT keep).

4. Import iiscert.pem using Certifcate Manager, close Certificate Manager to
confirm changes, then restart WWW service to make your newly imported
certificate work.

On my NT workstation with IIS 4, it imports ok. ^_^

Now you can setup your directory with SSL enabled, and use https:// to test
SSL function.  For I sign my request with experimental CA, MSIE5 complains
about untrusted CA.  Netscape 4.5 will ask many questions, and works fine. I
think it's OK.

ps. Who will ever think about strip those 2 lines out to make it works?  ^_^

> It is:
>
>    openssl x509 <some_options_without_out_option> | grep \\- > outfile
>
> Or in other words: not inertnal to openssl ;-)
>
> Raul Gutierrez schrieb:
> >
> > Pierre:
> >
> > > IIs is very limited in its supported format of
> > > certificates: the imported certificate must be B64-encoded,
> > > without the PEM header!!! Any other format, like the useful
> > > PKCS7 one does not work.
> > >
> >
> > Whay is the comand in openssl used for create a certificate in
B64-encode
> > without the PEM Header
> >
> > Thanks in advances.
> >
> > Raul Gutierrez
> >
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    [EMAIL PROTECTED]
> > Automated List Manager                           [EMAIL PROTECTED]
>
> --
> Holger Reif                  Tel.: +49 361 74707-0
> SmartRing GmbH               Fax.: +49 361 7470720
> Europaplatz 5             [EMAIL PROTECTED]
> D-99091 Erfurt                    WWW.SmartRing.de
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to