On January 6, 2009 12:20:47 pm Richard Lichvar wrote:
> A newbie to OpenSSL here. (Mainly used to using 3rd party authorities.)
> Not very good at command line stuff either.
>
> 1. Cert request generated from IIS 6 but it is against the default
> website with .txt extension. Can a cert be generated using this request?
>
Depends - is the file a PKCS#10 request? If so, then as long as the private 
key is the same as that which will be used by your site, then it could be 
used for requesting a Certificate from a CA.

> 2. Used the example in CA.pl doc to generate a new CA and request.
> When doing CA.pl -signreq getting an error re. "unable to load CA
> private key" followed by a 2072:error:0906D06C:PEM....
>
Sounds like you haven't properly set up your CA. 

> 3. How can I generate a cert using the original certreq.txt
> generated by IIS?
>
CA.pl -signreq is one way. But only after properly setting up the CA.

> 4. How do I ensure any cert generated will be recognized by IIS?
>
I'm not sure that I understand - once loaded and configured into IIS, the 
certificate is PRESENTED by IIS to the browser. Thus, it is the browser that 
will be "recognising" the Certificate, not IIS. Now, if you are just 
deploying this internally in a test environment, you can just tell your test 
browsers to not care about trusting the Certificate. If you are deploying 
this to the world, or even within your organisation, you will get a lot fewer 
problems if you don't try and generate the certificate yourself, and instead, 
go and buy your certificate from someone that has their CA certificate in the 
browser trust list.

Have fun.

-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
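
Added example, not part of the original message: one way to run the two checks from the first answer with the `openssl` command line, namely that a file such as certreq.txt really is a PKCS#10 request, and that the request carries the public key of a given private key. The function names, file names and subject are constructed, and the key comparison assumes the private key is available as a PEM file, which is not the case while it sits only in the IIS key store.

```shell
#!/usr/bin/env bash
# Added example; function names, file names and the subject are constructed.

# Succeeds if $1 parses as a PKCS#10 request and its self-signature verifies.
# The output is checked rather than the exit status alone, so the result does
# not depend on how a given OpenSSL release reports a failed check.
is_pkcs10() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Succeeds if the public key inside request $1 belongs to private key $2.
csr_matches_key() {
    from_csr=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_csr" ] && [ "$from_csr" = "$from_key" ]
}

# Build constructed sample input in scratch directory $1.
make_samples() {
    openssl genrsa -out "$1/site.key" 2048 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
    openssl req -new -key "$1/site.key" -subj "/CN=www.example.test" \
        -out "$1/req.pem"
    # IIS writes the older "NEW CERTIFICATE REQUEST" PEM label; imitate it.
    sed 's/ CERTIFICATE REQUEST-----/ NEW CERTIFICATE REQUEST-----/' \
        "$1/req.pem" > "$1/certreq.txt"
    echo "this is not a request" > "$1/notes.txt"
}

# Stand-alone use: pass the request file as the first argument.
if [ -n "${1:-}" ]; then
    if is_pkcs10 "$1"; then
        echo "$1: PKCS#10 request, self-signature OK"
    else
        echo "$1: not a usable PKCS#10 request"
    fi
fi
```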
