Sandipan Gangopadhyay wrote:
>
> I want to use Xenroll to generate a keypair on a Windows system and submit
> the public key over HTTPS POST to an ApacheServer/Mod_SSL with a CGI
> invoking openssl ca for the signing. Thanks to Greg Stark's samples and the
> MS Xenroll site, I have been able to start on this task.
>
> I have a few questions:
>
> 1. Extraction of Private Key
>
> strReq = Enroll.createPKCS10( strDN, "1.3.6.1.5.5.7.3.2")
>
> Does strReq contain the private key as well?
>
No. It's a PKCS#10 certificate request. It just contains the public key
and some other stuff to demonstrate that the requestor has access to the
private key but not the private key itself.

> 2. If it doesn't, where is the private key stored? How do I access it when
> in the next page the server sends the certificate (PKCS7) back? So that I
> can install it in the registry? Or is it already installed?
>
It's stored in the registry but that doesn't really matter. When the
certificate is sent back it is automatically matched to the relevant
private key by Xenroll itself.

> 4. If it is not essential to include the private key in the CSR, how do I
> extract the public key from strReq so that I can submit it to the server
>
You shouldn't have to. The software should be able to handle the PKCS#10
request and extract the relevant information itself.

Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
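
Added example, not part of the original message or of the OpenSSL project's code: a shell check, run on the CA side, that a PKCS#10 request carries only the public key plus a self-signature proving possession of the private key. The throwaway key, the subject name and the function names are constructed for the demonstration and stand in for the request Xenroll would submit.

```shell
#!/bin/sh
# Constructed demo: a throwaway RSA key and CSR stand in for the request
# Xenroll builds on the client. Assumes the openssl CLI is on PATH.

make_csr() {            # $1 = directory; writes client.key and client.csr
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/O=Example Org/CN=Example User" \
        -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
}

csr_has_private_key() { # succeeds only if the PEM file carries a private key block
    grep -q "PRIVATE KEY" "$1"
}

csr_pop_ok() {          # succeeds if the CSR self-signature verifies
    # Match on the message text: the exit status on a failed
    # verification is not consistent across openssl versions.
    openssl req -in "$1" -verify -noout 2>&1 | grep -q "verify OK"
}

csr_pubkey_sha256() {   # SHA-256 of the public key embedded in the CSR
    openssl req -in "$1" -pubkey -noout |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

key_pubkey_sha256() {   # SHA-256 of the public half of a private key file
    openssl pkey -in "$1" -pubout -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

demo() {
    dir=$(mktemp -d) || return 1
    make_csr "$dir" || return 1
    if csr_has_private_key "$dir/client.csr"; then echo "private key in CSR: yes"
    else echo "private key in CSR: no"; fi
    if csr_pop_ok "$dir/client.csr"; then echo "proof of possession: OK"
    else echo "proof of possession: FAILED"; fi
    echo "CSR public key: $(csr_pubkey_sha256 "$dir/client.csr")"
    echo "key public key: $(key_pubkey_sha256 "$dir/client.key")"
    rm -rf "$dir"
}

demo
```

The two digests match because the request embeds the public half of the same key pair; the private half never leaves the machine that generated it.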