Why did you concatenate the server.key and the server.csr? Why don't you use the csr to produce the certificate???
> -----Urspr�ngliche Nachricht----- > Von: Ronan [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 27. Oktober 2004 12:28 > An: [EMAIL PROTECTED] > Betreff: CSR signing > > > ok so ive generated a CSR and key using... > > [EMAIL PROTECTED]:~$ openssl genrsa -out server.key 1024 > Generating RSA private key, 1024 bit long modulus > ..++++++ > ......++++++ > e is 65537 (0x10001) > [EMAIL PROTECTED]:~$ openssl req -new -key server.key -out server.csr > > [...] > > then i did > > cat server.key server.csr > rtest.pem > > is this right?? > > then... > > /usr/local/ssl/bin/openssl x509 -req -in ./rtest.pem -CA ./cacert.pem > -CAkey ./private/cakey.pem -CAserial ./serial -out ./ronanscert.pem > > to sign the pem with my own CA root Cert > > now when i cat ronanscert.pem > -----BEGIN CERTIFICATE----- > [snip] > -----END CERTIFICATE----- > > this so far looks good right???? > > now i need the cert for a windows box so i need to pkcs12 it > > what is the private key i need to put in the file > ronanscert.pem?? is it > the one i geretaed for the server or is it the CA root key??? > > im a bit confused... > i know this is gonna be very simple for some of you but im > still pickin > this up... > > any help is much appreciated! > > -- > Regards > > Ronan McGlue > ============== > Analyst/Programmer > Information Services > Queens University Belfast > BT7 1NN > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
