Dear Romek,

thank you for your answer. I don't have any experience with IIS and 
certificates yet.
All I know is that the CSR generated on 2003 works, on 2008 it does not.
Additionally, they all work with the Windows Server CA (phew, who would have 
thought that *eg*).

Kind Regards,
Jens

-----Original Message-----
From: Romek [mailto:rom...@gmail.com]
Sent: Friday, 13 March 2009 13:33
To: Jens Schwepe
Subject: Re: openssl-users: cannot sign csr from win2008/e2k7

Hi,

I have been having the same issues with Windows 2003/2008 and IIS 6.

The error in your request is that you have not got the 129 zeros
needed in the enrolmentCSP that are needed (I believe caused by no CSP
being assigned for the request) in the certificate wizard. For me, I
have found that the only way to get these requests to work is by
recreating them again and again until they do as you have no options
to change this by default.

It may be sensible that you try also with only 1 subjectAltName as you
have 4 encoded in your request which may also cause problems.

Also, I have found IIS 6 to give out badly encoded Public Keys giving
negative values. You seem to have been lucky here! With IIS 6, I am
unable to view the certificate requests with most ASN.1 viewers apart
from Gutmann's dumpasn1, but I do not find the same with your request.

I was testing with commercial CAs and not OpenSSL.

Kind regards,
Romek Szczesniak
rom...@gmail.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
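
Added example, not part of the original thread: a DER INTEGER whose first content byte has the high bit set decodes as a negative number, which is one way a key can show up with "negative values" as described above. This Python sketch walks a DER structure and reports such INTEGERs; the sample bytes are constructed (a simplified public-key wrapper with a toy 32-bit modulus and no AlgorithmIdentifier), not taken from any real request.

```python
def read_tlv(buf, off, end):
    """Return (tag, value_start, value_end) for the DER element at off."""
    if off + 2 > end:
        raise ValueError("truncated header")
    tag, first = buf[off], buf[off + 1]
    off += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form, definite lengths only
        n = first & 0x7F
        if n == 0 or off + n > end:
            raise ValueError("bad length")
        length = int.from_bytes(buf[off:off + n], "big")
        off += n
    if off + length > end:
        raise ValueError("truncated value")
    return tag, off, off + length

def negative_integers(buf, start=0, end=None, path=""):
    """Walk DER and return [(path, value)] for INTEGERs that decode negative."""
    end = len(buf) if end is None else end
    found, off, idx = [], start, 0
    while off < end:
        tag, vs, ve = read_tlv(buf, off, end)
        here = f"{path}/{idx}"
        if tag == 0x02 and ve > vs and buf[vs] & 0x80:
            # High bit set and no leading 0x00 pad: two's complement negative.
            found.append((here, int.from_bytes(buf[vs:ve], "big", signed=True)))
        elif tag & 0x20:                  # constructed type: descend
            found += negative_integers(buf, vs, ve, here)
        elif tag == 0x03 and ve - vs > 1 and buf[vs + 1] == 0x30:
            # BIT STRING wrapping a SEQUENCE (how a public key is carried);
            # skip the unused-bits byte and ignore contents that are not DER.
            try:
                found += negative_integers(buf, vs + 1, ve, here)
            except ValueError:
                pass
        off, idx = ve, idx + 1
    return found

# Constructed samples: SEQUENCE { BIT STRING { SEQUENCE { modulus, exponent } } }
BAD = bytes.fromhex("3010030e00300b0204c35a119d0203010001")     # modulus not padded
GOOD = bytes.fromhex("3011030f00300c020500c35a119d0203010001")  # leading 0x00 pad

if __name__ == "__main__":
    print("bad: ", negative_integers(BAD))
    print("good:", negative_integers(GOOD))
```

To check a real request, convert it to DER first (for example with `openssl req -in req.pem -outform DER -out req.der`) and pass the file's bytes to `negative_integers`.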
