Could you please send me the openssl.cnf (or the relevant part of it) you
used to sign the certificate?
The sign script I use creates one .cnf on the fly, so check it out.

The process I follow is this:
I generate the key:
 openssl genrsa -des3 -out clienteNets-dsa.key 1024

Then I generate the csr
openssl req -new -key clienteNets-dsa.key -out clienteNets-dsa.csr

I sign the request with this cnf:
[ ca ]
default_ca              = CA_own
[ CA_own ]
dir                     = .
certs                   = \$dir
new_certs_dir           = \$dir/ca.db.certs
database                = \$dir/ca.db.index
serial                  = \$dir/ca.db.serial
RANDFILE                = \$dir/ca.db.rand
x509_extensions          = usr_cert
certificate             = \$dir/ca-rsa.crt
private_key             = \$dir/ca-rsa.key
default_days            = 365
default_crl_days        = 30
default_md              = md5
preserve                = no
policy                  = policy_anything
[ policy_anything ]
countryName             = optional
stateOrProvinceName     = optional
localityName            = optional
organizationName        = optional
organizationalUnitName  = optional
commonName              = supplied
emailAddress            = optional
[ usr_cert ]
#keyUsage=digitalSignature
subjectKeyIdentifier=hash
issuerAltName=URI:http://www.somesite.com/
#issuerAltName=issuer:copy
#extendedKeyUsage="TLS Web Client Authentication"

I put the crt and the key in one file and then I generate the p12 file:
cat clienteNets-dsa.key clienteNets-dsa.crt > clienteNets-dsa.pem
openssl pkcs12 -export -in clienteNets-dsa.pem -name "client certificate" -out clienteNets-dsa.p12

Is there any difference with yours?

Thanks

Nacho
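
To answer the closing question mechanically, the following added example (not part of the original message or of OpenSSL) parses two config fragments and lists the settings that differ, treating commented-out lines as absent. `parse_cnf` and `diff_cnf` are hypothetical helper names, and the second config is constructed for illustration.

```python
import re
# Excerpt of the config posted above, with "\$dir" as the sign script writes it.
POSTED = r"""
[ CA_own ]
new_certs_dir           = \$dir/ca.db.certs
default_md              = md5
[ usr_cert ]
#keyUsage=digitalSignature
subjectKeyIdentifier=hash
issuerAltName=URI:http://www.somesite.com/
#extendedKeyUsage="TLS Web Client Authentication"
"""

# Constructed second config standing in for the other person's file (not from the thread).
OTHER = """
[ CA_own ]
new_certs_dir = $dir/ca.db.certs
default_md = sha1
[ usr_cert ]
keyUsage = digitalSignature
subjectKeyIdentifier = hash
extendedKeyUsage = clientAuth
"""

def parse_cnf(text):
    """Return {section: {key: value}}, dropping '#' comments and shell escapes on '$'."""
    sections, current = {}, "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        header = re.fullmatch(r"\[\s*(\w+)\s*\]", line)
        if header:
            current = header.group(1)
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip().replace("\\$", "$")
    return sections

def diff_cnf(a, b):
    """List (section, key, value_in_a, value_in_b) for every setting that differs."""
    out = []
    for sec in sorted(set(a) | set(b)):
        for key in sorted(set(a.get(sec, {})) | set(b.get(sec, {}))):
            va, vb = a.get(sec, {}).get(key), b.get(sec, {}).get(key)
            if va != vb:
                out.append((sec, key, va, vb))
    return out

if __name__ == "__main__":
    for row in diff_cnf(parse_cnf(POSTED), parse_cnf(OTHER)):
        print("[%s] %s: %r -> %r" % row)
```

A value of `None` on one side means the setting is missing or commented out in that file, which is how the disabled `keyUsage` and `extendedKeyUsage` lines in the posted `[ usr_cert ]` section show up.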


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
