On Thu, Jul 07, 2005, Pj wrote: > Hi all, > > My application needs to support Non-repudiation using X509 certificates ala > AS2. > > Has anyone had the pleasure of storing X509 client and server certificates > in the windows certificate registry / database? And if so, whats the best > place to start to convert X509 to the windows format? >
Do you mean the database use by MSIE et al? If so then there are two options. If you want to install the certificate *and* private key use PKCS#12 format, the OpenSSL pkcs12 utility and APIs can do that. Use a .pfx oro .p12 extension if you want Windows to recognise the file type automatically, If you want to install just the certificate (not sure why you'd want to do that with a server certificate: you should store its CA) then use DER format AND NOT PKCS#12!! The reason for the emphasis is in the FAQ. Use an appropriate extension such as .crt. If you want to install these manually then use the certificate import wizard from MSIE or just double click on them. If you want to install them programatically then you'll need to use CryptoAPI. Details in the MS docs. Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
