Originally, I had sent this to the modssl-users list but this might be a
more appropriate list as it deals more with the SSL utilitites that are used
to generate CSRs.
---------- Forwarded message ----------
Date: Sat, 29 Jan 2000 19:35:05 -0800 (PST)
From: Merton Campbell Crockett <[EMAIL PROTECTED]>
To: mod_SSL Users List <[EMAIL PROTECTED]>
Subject: Generating CSR for Netscape Certificate Server based CA
I need to create a Certificate Signing Request for the DoD Certificate
Authority. DoD uses a Netscape Certificate Server to manage and sign its
certificates.
To date, I have not been able to generate a CSR that is acceptable to the
Netscape Certificate Server. All requests are rejected with a "bad DER
encoding" error. While this may be an accurate error, I am beginning to
suspect that the problem may be a field that is required by the Netscape
Certificate Server but that is optional or not used by a commercial third-
party Certificate Authority, e.g. VeriSign, Thawte, CyberTrust, etc.
Currently, I'm using Apache/Stronghold rather than Apache/mod_ssl; however,
due to the common SSL ancestry, I'm hopeful that someone has had to address
this problem and can provide a solution to my problem.
I have not made any changes to any SSL configuration files. And, I have
only used the basic utilities to convert from the PEM formats used in an
Apache SSL environment to the DER formats used by Netscape.
Merton Campbell Crockett
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
