I would like to create a key+certificate using OpenSSL, and import that to MS SqlServer 2005 for it to use for encrypted sessions (please don't ask why I need to do this, some of us are just cursed). Microsoft imposes various restrictions on such certificates, including one I do not understand: from: http://blogs.msdn.com/sql_protocols/archive/2005/12/30/508311.aspx "The Certficate's key spec must include AT_KEYEXCHANGE property"
Can anyone tell me whether this is a property of the key as generated by OpenSSL (and how would I modify my openssl commands) to do so), or would it be purely something I have to set while importing the key into MS land (I know this isn't the forum for the latter). The commands I use to generate the key+cert: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout mycert.pem -out mycert.pem openssl pkcs12 -export -out mycert.pfx -in mycert.pem -name "My certificate" openssl x509 -inform PEM -in mycert.pem -fingerprint -sha1 -noout (the last I use just to extract the fingerprint to jam into the MS registry -- which for reasons beyond my ken they refer to as a "thumbprint"). Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
