On Wednesday 27 February 2008 08:58:10 DucaConte Balabam wrote: > Tomas Gustavsson ha scritto: > > 1. If you can export CA from windows, only MS can tell you. If you can > > export it in a usable format, for example PKCS#12 for the CA keys and > > PEM/DER for user certificate. Depending on the CA product in Linux you > > should be able to import it easily, OpenSSL CA, EJBCA, ... > > Simply backupping up CA. Done. > > > 2. You don't write were your OID appears. Is it an extension? Many CA > > products (again OpenSSL, EJBCA, ...) will allow you to generate > > certificagtes with any type of extensions etc. .pfx is simply another > > name for pkcs12, any CA in linux can create and export pkcs12 files. > > Using MS, when I generate a cert, I select "Certificate type needed: > other" OID: "1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2" > 1.3.6.1.5.5.7.3.1 is serverAuth, and 1.3.6.1.5.5.7.3.2 is clientAuth extended key usages.
You can generate them in the extensions section of the openssl.cnf. something like: extendedKeyUsage = serverAuth, clientAuth For a detailed example of how to set up most of the various parameters you may want to use, you may find: http://www.carillon.ca/library/openssl_testca_howto_1.1.pdf useful. It's for a more complicated setup than what you are probably doing, but it should show you how to build everything you need. Instead of generating a new CA key though, just use the ones that you have already from your old Microsoft CA. Have fun. -- Patrick Patterson President and Chief PKI Architect, Carillon Information Security Inc. http://www.carillon.ca ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
