Darn, so there's a bug in CA.pl, well, I've never explored that utility.
Anyway, if you'd just followed the instructions in the HOWTO to create
CSR's, you wouldn't end up having the private key concatenated with the
request.
And, the private key is needed by "openssl req" to sign the request.
CSR's have to be signed... You know this, right? :))
Uri wrote:
Tan Eng Ten wrote:
But how??? Could you give an example please (of [a] creating, and [b]
signing a "req")?
How is in the HOWTO (http://www.openssl.org/docs/HOWTO/)
Darn, I thought I explained the problem: openssl "req" seems to require
private key of the cert requestor, which defeats the whole idea of PKI.
Here's the excerpt of the HOWTO you're referring me to. It is not
helpful, sorry - for the above reason (private key necessary).
The certificate request is created like this:
openssl req -new -key privkey.pem -out cert.csr
^^^^^^^^^^^^^^^^
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
