Thanks for the help all!

As far as I can tell, you cannot use the certificate
snap-in to create a certificate request for a
third-party CA. If you try, it will fail, claiming that
it cannot contact the CA server.

If you install the CA management tool and then try to
make a request, the certificate snap-in will
auto-enroll your system and return the certificate.
You will not be given a chance to create a request
that can then be sent off for signing to a third-party
CA.

To get around this, I made sure that my CA certificate
was imported into the "trusted root" section of the
certificate snap-in for the system. Then, on the
openssl CA, I created a key, then a request, then signed
the request with the CA's key, then created a PKCS12
file from the newly created server key and signed
certificate.

I carried the pkcs12 file over to the server and
imported it with the certificate snap-in for the
system's personal container. I checked to see if 636
was up and listening, then used openssl s_client to
connect and test.

Everything seems to be working, but I still need to
test Linux clients using LDAPS against this
configuration.

I went from Novell to Unix to M$ windoze to Linux
                        |--Linux -------------|

err well almost, thanks M$ for making the choice of
being dragged over a mile of glass preferable to
integrating other systems.

Cheers!



--- ohaya <[EMAIL PROTECTED]> wrote:

> Ray,
> 
> I've enabled LDAPS on AD before, but only using MS
> Certificate Services
> configured as an Enterprise CA, so I haven't tried
> this myself, but
> here's an article that might be useful:
> 
> http://support.microsoft.com/?id=321051
> 
> Jim
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
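
The key, request, signing and PKCS12 steps described in the message above, as an added example that is not part of the original post. It assumes a throwaway CA standing in for the poster's existing OpenSSL CA, a constructed host name and export password, and adds the Server Authentication EKU and FQDN that the linked Microsoft article (321051) requires of an LDAPS certificate.

```shell
#!/usr/bin/env bash
# Added example; host name, subjects and password are constructed placeholders.
set -eu

DC_FQDN="dc1.example.test"   # assumed FQDN of the domain controller
P12_PASS="change-me"         # placeholder PKCS#12 export password

build_ldaps_p12() {          # $1 = working directory
  d="$1"
  # Stand-in for the already existing OpenSSL CA (key + self-signed cert).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Test CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # 1. Server key and certificate request; the CN carries the DC's FQDN.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$DC_FQDN" \
    -keyout "$d/dc.key" -out "$d/dc.csr" 2>/dev/null
  # 2. Extensions to stamp in at signing: serverAuth EKU and a matching DNS SAN.
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$DC_FQDN" > "$d/dc.ext"
  # 3. Sign the request with the CA's key.
  openssl x509 -req -in "$d/dc.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -extfile "$d/dc.ext" -out "$d/dc.crt" 2>/dev/null
  # 4. Bundle server key, signed cert and CA cert into a PKCS#12 file for import.
  openssl pkcs12 -export -inkey "$d/dc.key" -in "$d/dc.crt" -certfile "$d/ca.crt" \
    -name "$DC_FQDN" -passout "pass:$P12_PASS" -out "$d/dc.p12"
}

check_ldaps_p12() {          # $1 = working directory; returns 0 if every check passes
  d="$1"
  # Chain must verify against the CA that goes into "trusted root" on the server.
  openssl verify -CAfile "$d/ca.crt" "$d/dc.crt" >/dev/null &&
  # The signed certificate must carry the Server Authentication EKU.
  openssl x509 -in "$d/dc.crt" -noout -text | grep -q "TLS Web Server Authentication" &&
  # The PKCS#12 file must open with the export password and contain a certificate.
  openssl pkcs12 -in "$d/dc.p12" -passin "pass:$P12_PASS" -nokeys 2>/dev/null |
    grep -q "BEGIN CERTIFICATE"
}

# After importing dc.p12 into the server's personal container, test port 636.
# $1 = directory holding ca.crt; needs network access to the real server.
test_ldaps() { openssl s_client -connect "$DC_FQDN:636" -CAfile "$1/ca.crt" </dev/null; }
```

Run `build_ldaps_p12` and `check_ldaps_p12` against an empty scratch directory on the CA host; `test_ldaps` only makes sense once the file has been imported on the server.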



                