I want to use Xenroll to generate a keypair on a Windows system and submit
the public key over HTTPS POST to an ApacheServer/Mod_SSL with a CGI
invoking openssl ca for the signing. Thanks to Greg Stark's samples and the
MS Xenroll site, I have been able to start on this task.
I have a few questions:
1. Extraction of Private Key
strReq = Enroll.createPKCS10( strDN, "1.3.6.1.5.5.7.3.2")
Does strReq contain the private key as well?
2. If it doesn't, where is the private key stored? How do I access it when
in the next page the server sends the certificate (PKCS7) back? So that I
can install it in the registry? Or is it already installed?
3. If it does contain the private key, I don't want to submit the entire
keypair for signing. Is it essential for the private key to be submitted to
openssl ca? In the CSR?
4. If it is not essential to include the private key in the CSR, how do I
extract the public key from strReq so that I can submit it to the server?
5. Lastly, if strReq contains only the public key in the PKCS10, when I
obtain the PKCS7 back from the CA server and ACCEPT it
Enroll.acceptFilePKCS7 (strCrt)
can Windows install it automatically linked to the private key installed in
the registry?
These questions show I am lost here and more than a little confused about
PKCS10 and Xenroll. Replies to these questions will help me find my way. Thanks for
your time.
Regards,
Sandipan
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
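
The following is an added example, not part of the original post. It illustrates the PKCS#10 points raised in questions 1, 3, 4 and 5: a request holds the subject name, the public key and a signature made with the private key, so a CA can sign from the request alone. Assumptions: the openssl command line plays the client role instead of Xenroll, `openssl x509 -req` stands in for `openssl ca`, and all file names and subject names are constructed.

```sh
#!/bin/sh
# Added example: a PKCS#10 request carries the public key, never the private key.
# All file names and subject names below are constructed for this demo.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Client side (the role Xenroll plays): key pair stays local, only the CSR leaves.
make_request() {
    openssl genrsa -out "$work/client.key" 2048 2>/dev/null
    openssl req -new -key "$work/client.key" -subj "/O=Example/CN=Test User" \
        -out "$work/client.csr"
}

# CA side: sign from the CSR alone. 'openssl x509 -req' stands in for
# 'openssl ca' here so that no CA database or config section is needed.
sign_request() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$work/ca.key" -out "$work/ca.crt" 2>/dev/null
    openssl x509 -req -in "$work/client.csr" -CA "$work/ca.crt" \
        -CAkey "$work/ca.key" -CAcreateserial -days 1 \
        -out "$work/client.crt" 2>/dev/null
}

# True when the CSR holds no private key: no PEM private-key header, and
# openssl cannot load a private key from the file.
csr_has_no_private_key() {
    ! grep -q "PRIVATE KEY" "$work/client.csr" &&
        ! openssl pkey -in "$work/client.csr" -noout 2>/dev/null
}

csr_pubkey()  { openssl req  -in "$work/client.csr" -noout -pubkey; }
key_pubkey()  { openssl pkey -in "$work/client.key" -pubout; }
cert_pubkey() { openssl x509 -in "$work/client.crt" -noout -pubkey; }

# The CSR is signed with the private key, which proves possession to the CA.
csr_signature_ok() {
    openssl req -in "$work/client.csr" -noout -verify 2>&1 | grep -qi "verify ok"
}

make_request
sign_request
csr_has_no_private_key && echo "CSR contains no private key"
csr_signature_ok && echo "CSR self-signature verifies"
[ "$(csr_pubkey)" = "$(key_pubkey)" ] && echo "CSR public key matches local key"
[ "$(cert_pubkey)" = "$(key_pubkey)" ] && echo "issued certificate matches local key"
```

The matching public key in the issued certificate is what lets a client pair the certificate with the private key it kept locally.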