Here are the steps I used to create the cert: I removed some information to protect the innocent.
Thanks! Mike openssl genrsa -des3 -out portal-server.key 1024 openssl req -new -key portal-server.key -out portal-server.csr Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: <Enter-Password> You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:Oregon Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]:xxxxxxxxxxxxxxxxxxxxxxxxx Organizational Unit Name (eg, section) []: Common Name (eg, your name or your server's hostname) []:xxxxxxxl.xxxxxxxx.xx Email Address []:xxxxxxxxxxxxxxxxxxx Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: This completes the server side of the certificate. Ensure that the /usr/local/apache2/conf/ssl.conf has the correct information for the certificates. This section covers creating a certificate so you can access the Portal. This process is automated on the Portal, however since you created a new certificate (server side) you cannot access the Portal. openssl x509 -req -in portal-server.csr -out portal-server.crt -sha1 -CA mikek-ca.crt -CAkey mikek-ca.key -CAcreateserial -days 3650 openssl genrsa -des3 -out mikek-c.key 1024 Generating RSA private key, 1024 bit long modulus ..++++++ ........................................................................ ++++++ e is 65537 (0x10001) Enter PEM pass phrase: <Enter-Password> Verifying password - Enter PEM pass phrase: <Enter-Password> openssl req -new -key mikek-c.key -out mikek-c.csr Using configuration from /usr/share/ssl/openssl.cnf Enter PEM pass phrase: <Enter-Password> You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]:US State or Province Name (full name) [Berkshire]:Bend Locality Name (eg, city) [Newbury]: Organization Name (eg, company) [My Company Ltd]:xxxxxxxxxxxxxxxxxxxxxx Organizational Unit Name (eg, section) []:Sales Common Name (eg, your name or your server's hostname) []:Mike Koponick Email Address []:[EMAIL PROTECTED] Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: openssl x509 -req -in mikek-c.csr -out mikek -c.crt -sha1 -CA mikek -ca.crt -CAkey mikek -ca.key -CAcreateserial -days 3650 openssl pkcs12 -export -in van-c.crt -inkey mikek -c.key -name "Mike Koponick" -out mikek -c.p12 openssl pkcs12 -in mikek -c.p12 -clcerts -nokeys -info Thanks! Mike -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ted Mittelstaedt Sent: Monday, March 19, 2007 12:02 AM To: openssl-users@openssl.org Subject: Re: Self-Signed Certificate - Windows Vista please post the steps you did to create the self-signed cert Ted ----- Original Message ----- From: Mike Koponick <mailto:[EMAIL PROTECTED]> To: openssl-users@openssl.org Sent: Thursday, March 15, 2007 1:09 PM Subject: Self-Signed Certificate - Windows Vista Hello, I've searched the archives and Google, but have turned up empty handed. I currently run a web server that has a self-signed certificate generated by OpenSSL (Running Apache, Linux, etc). When I try to connect to the web server via the Vista machine, all I get is a blank page. I searched for errors in the logs and haven't found anything that points me in the right direction. Has anyone else seen this issue? Thanks in advance, Mike
