Raul Gutierrez Rodriguez wrote:
>
>
> In the file data there isn't the word between ( )
>
> I test with the command:
> openssl req -new -newkey rsa:512 -keyout file.pem -out file.pem < data
> but openssl always asks me for the pem file's password.
>
Tricky. I think some people have managed to use things like 'expect'
under Unix to get around this. You can use the -nodes option to store
the private key unencrypted and later encrypt it with the 'rsa' utility.
OpenSSL 0.9.5 will have some options to allow this kind of thing to be
automated: for example 'rsa' can now take its password(s) from either
the command line (not recommended on certain platforms) or the
environment.
>
> 2- How can I put a field v3 extension to a certificate and the data to
> this field ask in the process to generate the request?
>
You can't. At least not yet anyway. The way to do this would be to
include a set of extensions in the certificate request. This is possible
in 0.9.5 but not useful because both 'ca' and 'x509' ignore the
extensions.
> 3- How can I set up the IIS 4 so that it checks the certificate in the CRL
> issued by my CA?
>
Try the CRLDistributionPoints extension in the CA certificate. You can
point to a URL where a compliant application will attempt to download a
current CRL. You can then check the server logs to see if it actually
attempts to download the CRL.
There's no guarantee the IIS will actually take any notice of this
extension: has anyone tried this?
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
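
The workaround described in the reply above (create the key with -nodes, then encrypt it with 'rsa' using a passphrase taken from the environment), as an added example that is not part of the original message. It assumes a current OpenSSL; the 2048-bit key size, the -subj value, the file names and the KEY_PASS variable are constructed for illustration.

```shell
# Added example (not from the original thread). Assumes a current OpenSSL;
# the subject, file names and KEY_PASS variable are constructed for illustration.

# make_request DIR
#   Writes DIR/req.pem and DIR/key.enc.pem without any interactive prompt.
#   The passphrase is read from the exported environment variable KEY_PASS.
make_request() (
    dir=$1
    [ -n "${KEY_PASS:-}" ] || { echo "KEY_PASS is not set" >&2; exit 1; }

    # The key exists unencrypted for a moment: keep new files owner-only.
    umask 077

    # -nodes: store the private key unencrypted, so 'req' asks for no password.
    # -subj replaces the DN answers that were being fed on stdin.
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=ES/O=Example Org/CN=www.example.test" \
        -keyout "$dir/key.pem" -out "$dir/req.pem" || exit 1

    # Encrypt the key afterwards with 'rsa'. env: takes the passphrase from
    # the environment, which keeps it out of the argument list shown by ps.
    openssl rsa -in "$dir/key.pem" -aes256 -passout env:KEY_PASS \
        -out "$dir/key.enc.pem" || exit 1

    # Confirm the encrypted copy opens with the passphrase before removing
    # the plaintext key.
    openssl rsa -in "$dir/key.enc.pem" -passin env:KEY_PASS -noout || exit 1
    rm -f "$dir/key.pem"
)
```

KEY_PASS has to be exported before calling make_request, since openssl reads it from its own process environment.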