What are the steps for making a self-signed digital certificate that Outlook likes?
I am trying to create a digital signature using a self-signed CA and Outlook keeps telling me that I have an invalid format. The procedure I'm following is below. In summary, I create my self-signed CA, I create my client.req then the ca signed client.cer. I've tried converting this to a PKCS#12 cert but it did not make a difference. Create CA: openssl dsaparam -out dsap.pem 1024 openssl gendsa -out ca.key -des3 -rand randfile dsap.pem openssl req -new -key ca.key -out ca.csr -config openssl.cnf openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.cer Create Client signed certificate: openssl gendsa -out client.key -des3 -rand randfile openssl req -new -key client.key -out client.csr -config openssl.cnf openssl x509 -req -days 365 -CA ca.cer -CAkey ca.key -CAcreateserial -in client.csr -out client.cer If converting to pkcs12: openssl pkcs12 -export -in client.cer -inkey client.key -certfile ca.cer -caname "COMPANY" -out ~nei/projects/client.pfx -name "Client Certificate" Thanks, Chris __________________________________________________ Do You Yahoo!? Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
