Hello,
I generated a root, a server and a client certificate like the following:
Root:
openssl req -new -config certs/root/root.cnf > certs/root/root.csr
openssl rsa -in certs/root/root.pem -out certs/root/root.key
openssl x509 -extfile certs/root/root.cnf -in certs/root/root.csr -out
certs/root/root.crt -req -signkey certs/root/root.key -days 3650
openssl x509 -in certs/root/root.crt -outform DER -out certs/root/root.der
Server:
openssl x509 -req -extfile certs/server/server.cnf -in certs/server/server.csr
-out certs/server/server.crt -CA certs/root/root.crt -CAkey
certs/root/root.key -CAcreateserial -days 365
Client:
openssl req -new -config certs/client/client.cnf > certs/client/client.csr
openssl rsa -in certs/client/client.pem -out certs/client/client.key
openssl x509 -extfile certs/client/client.cnf -req -in certs/client/client.csr
-out certs/client/client.crt -CA certs/root/root.crt -CAkey
certs/root/root.key -CAcreateserial -days 300
openssl pkcs12 -export -in certs/client/client.crt -inkey
certs/client/client.key -out certs/client/client.pfx -name "Kalles Zertifikat"
-certfile certs/root/root.crt
I can bring the whole thing to work (server requires client-configuration)
under N4, IIS 4, IE 5.01.
Today I migrated to Win 2000, IIS 5, MSIE 5.01 and configure the system like
the one under NT 4. When the client accesses the server I have to select my
certificate but then I get an error:
The page requires a valid client certificate
The page you are trying to view requires the use of a valid client
certificate. Your client certificate was revoked, or the revocation status
could not be determined. The certificate is used for authenticating you as a
valid user of the resource.
Where's the problem? Why does it work under IIS 4 but not under IIS 5? How
could I fix it?
Thanks
Stefan Westner
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
