On Mon, Nov 18, 2002 at 03:04:03PM +0100, Karl-Michael Werzowa wrote: > Had some experiences with M$-certificate authorities. > We provided a root cert to a M$-Certificate server, which led to some > problems.
Now there's a surprise! ;-) > > Hey, Vadim, it may be a less than perfect idea to let M$ do the support. In > my case they took about a month to provide the needed hints and they were > provided in form of MS-API stuff. Yeah - I've dealt with M$ quite a bit - I've never got useful answers out of them - doesn't matter what you pay them... > > The solution, nevertheless was easy, and mavbe it helps you: > > 1) It definitely needed crlDistributionPoints and authorityInfoAccess and, > most important, when creating the pkcs#12: use the -keysig option! Wow - OK I didn't have authorityInfoAccess, and I didn't use "-keysig". Does that disable funtionality of the cert in any way? I want to generate server certs that can be used by Apache/IIS and EAP-TLS, and client certs that allow users to do S/MIME, and EAP-TLS - does the "-keysig" break any of that? Thanks for your help -- Cheers Jason Haar Information Security Manager, Trimble Navigation Ltd. Phone: +64 3 9635 377 Fax: +64 3 9635 417 PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
