>What commands have you used on OpenSSL to sign the request? You need the CA certificate extensions for obvious reasons.
I used openssl ca -sign and CA.pl -sign.
I thought that 0.9.7 would accept the unknown x509 extensions? (as you can probably tell I am no openssl expert, sorry just trying to figure it out)
Do you have any references for what extensions I need and how to add them?
>Also how are you trying to import the result back into Microsoft CA?
Well the interesting thing is that I can do a certificate import and see that in my personal store and import the CA as trusted root but as per M$ the final step in creating a subordinate CA is to right click the CA in the Certificate Authority MMC and "install CA certificate." I have tried the root ca in pks12 format and the signed csr that was generated by this machine and signed by openssl ca. When I attempt the signed csr cert it says "The new certificate public key does not match the current outstanding request. Bad Key (HEX######)"
TIA,
Steve
- Re: Interoperability with Microsoft CA Charles B Cranston
- Re: Interoperability with Microsoft CA Steve OBrien
- Re: Interoperability with Microsoft CA Dr. Stephen Henson
- Re: Interoperability with Microsoft CA Steve OBrien
- Re: Interoperability with Microsoft CA Dr. Stephen Henson
