Bingo!
The string:
bash-2.04# OpenSSL ca -out request.pem -notext -infiles certreq.txt
where -out =the cert to be generated, and -infiles =the pending request,
the -notext option supresses the plaintext form of the certificate to the
output file. IIS 5 seems to like this.
output looks like:
-----BEGIN CERTIFICATE-----
MIIECDCCA3GgAwIBAgIBBTANBgkqhkiG9w0BAQQFADCByzELMAkGA1UEBhMCVVMx
EjAQBgNVBAgTCU1pbm5lc290YTEQMA4GA1UEBxMHQmF5cG9ydDEdMBsGA1UEChMU
QW5kZXJzZW4gQ29ycG9yYXRpb24xJDAiBgNVBAsTG0luZm9ybWF0aW9uIFJpc2sg
TWFuYWdlbWVudDEgMB4GA1UEAxMXZGFlbW9uLmFuZGVyc2VuY29ycC5jb20xLzAt
BgkqhkiG9w0BCQEWIGVyaWMubmV2YWxhaW5lbkBhbmRlcnNlbmNvcnAuY29tMB4X
DTAxMDgyMjE1NDI0MVoXDTAyMDgyMjE1NDI0MVowgYIxCzAJBgNVBAYTAlVTMRIw
EAYDVQQIEwlNaW5uZXNvdGExHTAbBgNVBAoTFEFuZGVyc2VuIENvcnBvcmF0aW9u
MSwwKgYDVQQLEyNBbmRlcnNlbiBDb3Jwb3JhdGlvbiBJVFMgRGVwYXJ0bWVudDES
MBAGA1UEAxMJYnB3ZWJkZXYzMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCq
/cnKscpUJUOFKbYkzTtj+sb8EpRViqhKPsENV8WL3c2v9FGe4QI0/G956EYMSLe9
XQwlImLb3iR+Ag5eyg/bXD4UA7ENXE94Uudlu7b+aYkOprnYCISkUHez0qM86MVP
cjb2txt4W+9wcXWjsonRbUm6uBg08JvAKs3Yd0qHbwIDAQABo4IBQTCCAT0wCQYD
VR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm
aWNhdGUwHQYDVR0OBBYEFBmAhoIdiu9OFnABdQWmtTm/MgyKMIHiBgNVHSMEgdow
gdehgdGkgc4wgcsxCzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlNaW5uZXNvdGExEDAO
BgNVBAcTB0JheXBvcnQxHTAbBgNVBAoTFEFuZGVyc2VuIENvcnBvcmF0aW9uMSQw
IgYDVQQLExtJbmZvcm1hdGlvbiBSaXNrIE1hbmFnZW1lbnQxIDAeBgNVBAMTF2Rh
ZW1vbi5hbmRlcnNlbmNvcnAuY29tMS8wLQYJKoZIhvcNAQkBFiBlcmljLm5ldmFs
YWluZW5AYW5kZXJzZW5jb3JwLmNvbYIBADANBgkqhkiG9w0BAQQFAAOBgQAoMkwE
8zNv4R4C7+JDtY50Iq/xlkm1BpfM6/SpRIWg6zXmB+fbOxwW5oyD4BJ944Poki7I
qki2c7OSrMn0ZT/qpoEsYkXrC81klKY3730rcOnl0wZqsAYA43/8E90Fdn8o2L7n
+jLGEJmyilSCdSdP1V3H9j5w/oPdojVEli0DZg==
-----END CERTIFICATE-----
The only problem I have left, is getting the cert to work properly. IE
won't load the page, something about "unable to verify signing authority".
I suspect I need to hang the signing CERT out on a web page for
verification. I'm not sure though....
***********************************************************************
Eric Nevalainen CISSP phone: 651-264-7164
Information Risk Management fax: 651-264-5614
Andersen Corporation Cel: 651-470-4307
100 Fourth Avenue North Pager: 651-470-4307
Bayport MN 55003
[EMAIL PROTECTED]
***********************************************************************
-----Original Message-----
From: Robert Krenn [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 22, 2001 9:21 AM
To: Nevalainen, Eric
Subject: Re: curious
On Wed, 22 Aug 2001, Nevalainen, Eric wrote:
> Robert,
>
> I was wondering if you had received an answer to your question on the
> openssl list the other day. I find myself in much the same situation.
>
HI,
no I have not received any answer to it yet.
I've been too busy to test the various ideas I have on the issue.
One idea could be that openssl creates the certificates in .pem format and
MS IIS need to get the certificate in some other format. I belive I saw
something about this on the openssl-list yesterday.
I keep your mail and send you a note if I get it working.
Regards
//Robert
---
Frontyard Communications AB
Tel: +46 8 56844100 http://www.frontyard.com
ISDN: +46 8 4488012 Fax: +46 8 56844101
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
