Oblio, You're right; it is difficult getting started with OpenSSL. Make sure you've read the man pages at http://www.openssl.org/docs/apps/openssl.html (go through the individual commands). Look at the "config" page to get a idea what the config file looks like. To get a better idea, look for the openssl.cnf file that is in your distribution.
You can also look through the archives to see if someone has asked or answered your questions already (use the support link, then one of the "openssl-user" links (some have better search engines than others). After that, if you have problems, try and be as specific as you can with your question and you'll be more likely to get help. -Bob > -----Original Message----- > From: Oblio [mailto:subscriber@;locustcreek.com] > Sent: Thursday, November 07, 2002 4:38 PM > To: [EMAIL PROTECTED] > Subject: Re: PKCS#10? > > Ok, I know it's very basic, it's just that there's no easy starting point > for someone who's never done this. > > First, understand that I'm attempting all this under WinNT, and I couldn't > even get the thing to compile. Fortunately, the folks at > shininglightpro.com posted a win32 port, so at least I have the > executable. However, I don't have any of the manuals (although, I can > kind > of read through the .pods). > > I have a cert request that I want to sign, and I don't know how to go > about > it. If I do what you suggest, and use the ca command, it's looking for a > config file (which I don't have, nor do I know what's supposed to be in > it). I've tried using the x509 command, and I get closer, but it's either > looking for a key, or a trusted cert. Do I just generate an RSA (or some > other kind?) of key? If so, don't I need to distribute a public key to > challenge the cert with? > > This really isn't very straight forward, and I can use all the help I can > get. > > Thanks, > Oblio > > At 11/7/2002 09:52 PM +0100, you wrote: > >this is very basic. > > > >pkcs#10 is the standard request format. > >under normal circumstances, the client ( person who requests a > certificate) > >sends a pkcs#10 to the ca and the ca signs this request. > > > >in openssl this is done with > > > >openssl ca -in thePKCS#10.pem -out theCert.pem, > > > >using different options for CA-name, validity, keyfile, directories, > >extensions, batch mode, ... > >you find this with > > > >man ca > > > >Best regards, > >Michael > > > >Am 2002-11-07 21:30 Uhr schrieb "Oblio" unter > <[EMAIL PROTECTED]>: > > > > > Does anyone know what to do with a PKCS#10 cert request? > > > > > > Oblio > > > > > > ______________________________________________________________________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List [EMAIL PROTECTED] > > > Automated List Manager [EMAIL PROTECTED] > > > >-- > >*********************************************************************** * > >Karl-Michael Werzowa > >A-1190 Wien, Paradisgasse 28/4/6 > >+43 (664)302 4511, fax +43 (1)328 1992 14 > >[EMAIL PROTECTED], [EMAIL PROTECTED] > >*********************************************************************** * > > > >______________________________________________________________________ > >OpenSSL Project http://www.openssl.org > >User Support Mailing List [EMAIL PROTECTED] > >Automated List Manager [EMAIL PROTECTED] > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
