Hi folks, I've entered the big complex world of Certificates and I need a little help.
I've got a Windows XP network and a Linux server. We wish to use certs to sign electronic forms with MS Infopath 2003. I've read up on how to make a CA cert using openssl, and I can make the user certs for our employees on the Linux server and put these on a secure shared folder for them. I have to make .p12 certs as Infopath needs a private key, seemingly.

But after I import a user's cert into their MMC into the Personal store and look in the General tab, the user cert says it's not trusted. It says "This CA Root certificate is not trusted". OK, so I put the Server's cert into the Trusted Root CA store. Still the Personal cert says it's not trusted. So at this point I'm stuck. I thought it would trust the user cert because it would look in the Trusted Root CA store and see the Server's cert in there.

Can someone point out the 'obvious thing' I'm not seeing? :-)

If it helps, here is how I generated the certs.

1st, the CA:

    openssl req -config openssl.cnf -new -x509 -keyout ECS_CA/private/cakey.pem -out ECS_CA/cacert.pem -days 3650

Then I used the following commands to generate the users' certs on the Server:

    openssl req -new -key ECS_CA\private\cakey.pem -out stuarth.csr
    openssl ca -policy policy_anything -out stuarth.cer -infiles stuarth.csr

Infopath needs a cert with a private key, so the .p12 format is required:

    openssl x509 -in stuarth.cer -out stuarth_certx509.pem
    openssl pkcs12 -export -in stuarth_certx509.pem -inkey ECS_CA\private\cakey.pem -out stuarth.p12

and it is stuarth.p12 which I import into mmc - Personal.

--
Stuart Halliday
ECS Technology ltd
Registered in Scotland - #212513

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                               [EMAIL PROTECTED]
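
A check for certificates issued this way, as an added example that is not part of the original post: it verifies a user certificate against the CA and compares the two public keys, because both the `req` and the `pkcs12 -export` commands in the post are given `cakey.pem` as the key. It assumes `openssl` is on the PATH and uses `openssl x509 -req` in place of `openssl ca` so no CA database directory is needed; every file name and subject is constructed.

```shell
#!/bin/sh
# Added example: all names, subjects and paths below are constructed.

# SHA-256 over the public key carried inside a PEM certificate.
pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl dgst -sha256 | awk '{print $NF}'
}

# Exit 0 when the certificate ($2) carries the same public key as the CA ($1).
shares_ca_key() {
    [ "$(pubkey_fp "$1")" = "$(pubkey_fp "$2")" ]
}

# Exit 0 when the certificate ($2) chains to the CA ($1).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Issue a certificate: dir, private key used for the request, name, subject.
issue() {
    openssl req -new -key "$2" -subj "$4" -out "$1/$3.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
        -CAcreateserial -days 30 -out "$1/$3.pem" 2>/dev/null
}

# Build a throwaway CA and two user certificates in directory $1:
#   good.pem  - request made with the user's own freshly generated key
#   reuse.pem - request made with the CA key, as in the commands in the post
make_demo_pki() {
    d=$1
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
    openssl genrsa -out "$d/userkey.pem" 2048 2>/dev/null || return 1
    issue "$d" "$d/userkey.pem" good "/CN=demo user with own key" || return 1
    issue "$d" "$d/cakey.pem" reuse "/CN=demo user with CA key"
}

# Demo run: report chain status and key reuse for both certificates.
dir=$(mktemp -d) && make_demo_pki "$dir" || exit 1
for c in good reuse; do
    chain_ok "$dir/cacert.pem" "$dir/$c.pem" && v=ok || v=FAIL
    shares_ca_key "$dir/cacert.pem" "$dir/$c.pem" && k="SAME key as CA" || k="own key"
    echo "$c.pem: chain $v, $k"
done
rm -rf "$dir"
```

A `.p12` exported with `-inkey` pointing at the CA key hands that CA private key to whoever imports the file, so the key comparison is worth running before any bundle is placed on the shared folder.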