Sorry, the last command shoud have a -outform DER added to it, if you
want your ca in der format.
Anyway, to create a ca is fairly similar to previous versions, the only
thing I have noticed (I am using windows) is that the perl stuff does
not work (but I did not put mcuh time into trying to make them work).
The commands are fairly similar, just create a .bat file with those
commands and things should work.
David Templar wrote:
I think I can help you with PC certs - I am having trouble with phone
certs though :(
openssl genrsa -out ca.key 1024 (or whatever size key you want) you
can also chose dsa or dsa1 etc
and
openssl req -new -x509 -key ca.key -out cacert.pem -config [the name
of the config file] - you can also chose the -md format
Then convert the pem to der format using: openssl ca -in cacert.pem
-out ca.cer
Your ca is ca.cer or if you wanted it in the ---cert type you can omit
the last bit.
Hope it helps.
Alvaro Poole wrote:
Hi, I´m new to OpenSSL 0.9.8. I was using 0.9.7with mod_ssl version
about 2 weeks since yesterday. (everything in Win32,and works I
promise :) )
1.- In 0.9.7 version, i could do my own certificate with:
perl ca.pl -newca (and then, i filled all i need)
But in 0.9.8 it has been some changes that i don´t understand:
- Why, when I write this sentence, does openssl ask me two passwords?
(CA password and CHALLENGE password, i don´t know when it uses)
2.- After this, I always made (in 0.9.7) a server certificate for this
CA with this:
openssl req -newkey rsa:1024 -nodes -keyout newreq.pem -out newreq.pem
- Why now doesn´t openssl ask me a challenge password for this
certificate?
3.- At the end, i signed this certificate with the CA:
perl CA.pl -sign
and now, appears a (doesn´t found private key error)
I supose there is some trouble with mod_ssl 2.8.23 (but in
documentation says that is compatible with openssl 0.98).
My final questions are:
How can I do my own CA and signed with this in this new version and
using mod_ssl 2.8.23+1.3.33? (maybe I´ m doing something wrong, so
please tell me)
Should I use openssl 0.97 for OpenLDAP? I read that OpenLDAP is
incompatible with 0.98. Is that true?
Thanks in advance (and sorry for my english ;) )
Alvaro Poole
PD: I would like with Apache Server to (it´s complicated but I have to)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
