hi,
I try to use openssl to issue and manage certificates for internal usage.
I generated CA ROOT certificate with utility from openssl and issued server
certificate signed by the CA ROOT. The server certificate and CA ROOT worked
very well with iplanet fasttrack 4.1, a early version web server from sun.
After that I tried to use it with iplanet enterprise 5.5, the server
certificate can be installed sucessfully. But the CA ROOT certificate can be
recognized by iplanet enterprise 5.5, but when I tried to add it, the system
failed with the message:
"Incorrect Usage:Invalid certificate
The server could not import one of the certificates".
I found all ROOT CA from commerical CA can cooperate well with iplanet
enterprise and in version field of all certificates from commericial CA 'V3'
indicates that X509 version 3. In all certificates issued from openssl, the
version field is filled with 'V1'. There are also other differences, such as
fields "issuing organization key id" and "subject key id" do not exist in
certificates from openssl.
Besides the problem as stated above, the crl generated from openssl either
can not work under iplanet enterprise and its version is also 'V1' while
revocation list from commericial product is 'V3'.
As i am a newbie in using openssl, i welcome anyone provide me with any
advice. Thanks in advance.
My email is [EMAIL PROTECTED]
Great thanks!
dingwen from China
_________________________________________________________________
The new MSN 8: smart spam protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
- Re: problem:certificate from openssl to work with iplan... wen ding
- Re: problem:certificate from openssl to work with ... Charles B Cranston
