Not sure if this will help, but I just did some testing with an NT box and Linux box and I found it easier to get the test certs for the NT box from Microsoft at the following link...
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q216907 HTH, Michael ----- Original Message ----- From: "Christian Hohnstaedt" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 02, 2002 2:57 PM Subject: Re: self signing - me as the CA > On Fri, Aug 02, 2002 at 10:34:35AM -0500, David Iungerich wrote: > > Based on my needs, I believe utlizing the tools I already have would be best > > for me. That said, does anyone have a yes or no answer for me as to whether > > it will work. Again, the scenario follows. > > > > I have a situation where a test box is an NT machine. It happens to have > > IIS running on it. (Won't be using it, but it's there.) Anyone see any > > issue with me using it to generate a certificate request, then taking that > > req over to a Linux box I have running with openssl, use open ssl to build > > the cert and public key, then using what was generated back on the NT box? > > Also, if anyone has the suggestions for the openssl command syntax, that > > would be nice too. I'd kind of like to ultimately be using a pkcs#12 cert > > and public key. We'll be using a Verisign cert on our production box, but > > for this test box, it's NT, and I'm looking for the simplest route to > > getting a self-signed cert on that box. > > consider the following: > > o I'm not sure, if NT/IIS will be happy with a self signed certificate to > be used as SSL/server certificate > > o for creating a self signed cert from a PKCS#10 request requires the private key > and I'm not sure if NT/IIS enables you to export that key. > > > > Possible solutions: > > o create a selfsigned cert with openssl, convert it to PKCS12 and import it > to NT/IIS > > > o create a CAcert with openssl, use it for signing the NT/IIS�request > and import the signed request and the CA cert into your NT/IIS box > the CA.pl tool will assist you doing this. > > regards > > Christian > > > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
