Subject: Troubles Creating a Certificate for IIS

Currently our setup consists of a Linux web server running Apache.  Part of
the site is restricted through the use of SSL and client certificates.  We
have a self-signed root certificate, created with OpenSSL, and a server
certificate signed by our root certificate for the Linux machines.  We then
generate client certificates for users.

We need to set up a new server running win2000 and IIS.  We would like to
create a server certificate for the new machine that accepts all the client
certificates from the Linux machines, in addition to new client
certificates generated on the IIS machine.

Thus far we have been successful in creating a server certificate from the
existing root certificate on the Linux web server.  We have moved the
certificate onto the IIS machine and installed it successfully.  We've also
added the root certificate to the list of trusted Certificate Authorities
on the IIS machine.  However, the IIS machine doesn't accept the client
certificates generated for the original web server.

I have read through the OpenSSL FAQ and when running the following command:

openssl s_client -connect myhost:443 -prexit

I don't see our CA in the list of accepted CAs.  I have followed
instructions I've received on this list, and when I actually VIEW the
certificate store on the server, under Trusted Certificate Authorities, I
see the CA that I installed.  I used the following command to create the
DER encoded certificate for installation on the IIS machine:

openssl x509 -in ca.pem -outform DER -out ca.der

I then used the Certificate Wizard on the IIS machine and installed the DER
encoded certificate into the Trusted Certificate Authorities store.

I'm unsure of what to do next, and any help would be greatly appreciated.

Cheers,
Brandon


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
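
The check described in the message above (looking for the CA in the list that `openssl s_client` prints) can be scripted against saved output. This is an added example, not part of the original post; the transcript, host and CA names in it are constructed, and it assumes the names appear one per line under the "Acceptable client certificate CA names" heading.

```shell
#!/bin/sh
# Added example: list the CA names a server advertises for client
# certificates, parsed from saved `openssl s_client` output.

# Constructed sample transcript (not captured from a real server).
sample_transcript() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=iis.example.test
   i:/C=US/O=Example Org/CN=Example Root CA
---
Acceptable client certificate CA names
/C=US/O=Some Vendor/CN=Vendor Root
/C=US/O=Other Vendor/CN=Other Root
---
SSL handshake has read 1234 bytes and written 321 bytes
EOF
}

# Read a transcript on stdin and print one advertised CA name per line.
# Prints nothing when the server sent no list at all.
advertised_cas() {
    awk '
        /^Acceptable client certificate CA names/ { in_list = 1; next }
        in_list && (/^---/ || /^Client Certificate Types/ ||
                    /^Requested Signature/ || /^Server Temp Key/) { in_list = 0 }
        in_list && NF { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, ""); print }
    '
}

# Return 0 if the subject in $1 is advertised, 1 otherwise.
# Assumption: $1 is written exactly as this s_client build prints names.
ca_is_advertised() {
    advertised_cas | grep -Fxq -- "$1"
}

# Constructed subject standing in for the site's own root CA.
OUR_CA="/C=US/O=Example Org/CN=Example Root CA"
if sample_transcript | ca_is_advertised "$OUR_CA"; then
    echo "CA is advertised for client authentication"
else
    echo "CA is NOT advertised; the server currently lists:"
    sample_transcript | advertised_cas
fi
```

To use it on a real server, save the output of the `s_client` command from the message to a file and pipe that file into `ca_is_advertised` in place of `sample_transcript`.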
