> > Someone knows gives me of the information also on the guides who > can help me? > Thousand thanks for all > > Matteo ;-) >
The certs can be prepared without using CA.all - which is what I did. Two command (.bat or shell scripts) files - one used to create self-issued CA and the other to Issue Certificates signed by the CA. The second command file takes in parameter to indicate if it is a server or client. Also two different conf files were used - one used while creating / using the CA and the other used while creating a CSR. And an extension file which indicates the OID for specifying the EKU for Client/Server. The extension file looks like this [ xpclient_ext ] extendedKeyUsage = 1.3.6.1.5.5.7.3.2 [ xpserver_ext ] extendedKeyUsage = 1.3.6.1.5.5.7.3.1 The OpenSSL Commands used to create CA were openssl req -x509 -newkey rsa -out %CA_DIR%\rootcert.pem -outform PEM openssl x509 -in %CA_DIR%\rootcert.pem -text –noout The OpenSSL Commands to create certificates for WPA Client and Server openssl req -newkey rsa:1024 -nodes -keyout %PRIVKEY_CS_NAME% -keyform PEM -out %REQ_CS_NAME% -outform PEM openssl ca -extensions %EXT_CS_TYPE% -extfile wpa.extensions -out %CERT_CS_NAME% -in %REQ_CS_NAME% To combine the certificate and the private key use openssl pkcs12 -export -clcerts -out %COMBINE_KEY_CERT% -in %CERT_CS_NAME% -inkey %PRIVKEY_CS_NAME% -name %CERT_NAME% I have a zipped file that has these scripts and a also a howto. If you want it pl send me an email. If someone wants to review these files and then host them on a public server - pl let me know. HTH Abhijit __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
