On Thu, Jan 13, 2005, Shaun Lipscombe wrote:

> I have used openssl to set up a CA to sign site certificates and client
> certificates.  All is working just great, however I have a couple of
> questions to ask so that I don't go insane.
> 
> Why is it that a Microsoft box requires SSL certificates be imported
> from a PKCS12 file when all other operating systems and software are OK
> with a PEM certificate?
> 

It doesn't. You can do that of course but the preferred technique is the same
as every other environment: create a private key on the Microsoft box, sign a
request with it, send request to the CA and install the resulting certificate.

For MSIE you can use Xenroll for that.

> Another question I have is I have seen documentation on the net showing
> CSRs being generated that catenate the private key and PEM encoded
> certificate request prior to being sent for signing by the CA. This again
> seems *strange*. Why is this done?

Probably for the same reasons some sites suggest that a CA certificate is
installed by creating a PKCS#12 file including the CA private key: sheer
ignorance :-(

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
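
The second question in the message above concerns files that catenate a private key with the certificate request. As an added example (not part of the original message and not OpenSSL project code), the shell functions below check what is about to be sent to a CA and keep only the request; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check what is about to be sent to a CA.
# Only the CERTIFICATE REQUEST block should leave the machine; the key stays local.

# Print the label of every PEM block in file $1, one per line.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed only if $1 contains a request and no private key block of any kind
# (PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY).
safe_to_send() {
    labels=$(pem_labels "$1")
    case "$labels" in *"PRIVATE KEY"*) return 1 ;; esac
    printf '%s\n' "$labels" | grep -q 'CERTIFICATE REQUEST$'
}

# Write only the request block(s) of a mixed file $1 to stdout.
extract_request() {
    awk '/^-----BEGIN (NEW )?CERTIFICATE REQUEST-----/ { keep = 1 }
         keep { print }
         /^-----END (NEW )?CERTIFICATE REQUEST-----/ { keep = 0 }' "$1"
}

# Constructed sample: a key and a request catenated into one file, as in the
# documentation the question describes. The base64 bodies are placeholders.
make_sample() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE REQUEST-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE REQUEST-----
EOF
}

demo() {
    tmp=$(mktemp -d) || return 1
    make_sample "$tmp/combined.pem"
    safe_to_send "$tmp/combined.pem" || echo "combined.pem: private key present, do not send"
    extract_request "$tmp/combined.pem" > "$tmp/request.pem"
    safe_to_send "$tmp/request.pem" && echo "request.pem: request only, ok to send"
    rm -rf "$tmp"
}
demo
```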
